Vulnerabilities > Apache > Superset > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-16 | CVE-2024-39887 | Unspecified vulnerability in Apache Superset An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. | 9.8 |
| 2023-04-24 | CVE-2023-27524 | Insecure Default Initialization of Resource vulnerability in Apache Superset Session Validation attacks in Apache Superset versions up to and including 2.0.1. | 9.8 |
| 2022-04-13 | CVE-2022-27479 | SQL Injection vulnerability in Apache Superset Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. | 9.8 |
| 2018-11-07 | CVE-2018-8021 | Deserialization of Untrusted Data vulnerability in Apache Superset Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. | 9.8 |