Vulnerabilities > Apache > Superset
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-09-17 | CVE-2020-13948 | Unspecified vulnerability in Apache Superset While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. | 8.8 |
| 2020-01-28 | CVE-2020-1932 | Unspecified vulnerability in Apache Superset An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. | 6.5 |
| 2019-12-16 | CVE-2019-12414 | Information Exposure vulnerability in Apache Superset In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab | 5.3 |
| 2019-12-16 | CVE-2019-12413 | Unspecified vulnerability in Apache Superset In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a specially crafted complex query. | 5.3 |
| 2018-11-07 | CVE-2018-8021 | Deserialization of Untrusted Data vulnerability in Apache Superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. | 9.8 |