Vulnerabilities > Apache > Superset > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-04-24 CVE-2023-27524 Insecure Default Initialization of Resource vulnerability in Apache Superset
Session Validation attacks in Apache Superset versions up to and including 2.0.1.
network
low complexity
apache CWE-1188
critical
9.8
2022-04-13 CVE-2022-27479 SQL Injection vulnerability in Apache Superset
Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests.
network
low complexity
apache CWE-89
critical
9.8
2018-11-07 CVE-2018-8021 Deserialization of Untrusted Data vulnerability in Apache Superset
Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution.
network
low complexity
apache CWE-502
critical
9.8