Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/18921?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/18921?format=api", "purl": "pkg:pypi/apache-superset@1.4.0", "type": "pypi", "namespace": "", "name": "apache-superset", "version": "1.4.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.0.0", "latest_non_vulnerable_version": "6.0.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55518?format=api", "vulnerability_id": "VCID-19em-abzu-5bd5", "summary": "An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32284", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.3228", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.321", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32302", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27315" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/28/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/28/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27315", "reference_id": "CVE-2024-27315", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27315" }, { "reference_url": "https://github.com/advisories/GHSA-h7r6-8qmm-hj5r", "reference_id": "GHSA-h7r6-8qmm-hj5r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h7r6-8qmm-hj5r" }, { "reference_url": "https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z", "reference_id": "qcwbx7q2s3ynsd405895bx3wcwq32j7z", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" 
}, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T16:03:10Z/" } ], "url": "https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29411?format=api", "purl": "pkg:pypi/apache-superset@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29413?format=api", "purl": "pkg:pypi/apache-superset@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { 
"vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1" } ], "aliases": [ "CVE-2024-27315", "GHSA-h7r6-8qmm-hj5r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-19em-abzu-5bd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59435?format=api", "vulnerability_id": "VCID-1gqt-cpea-b7ht", "summary": "Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. 
\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55633", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77963", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77956", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.77881", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01043", "scoring_system": "epss", "scoring_elements": "0.7795", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-55633" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55633", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-55633" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/12/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/12/1" }, { "reference_url": "https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb", "reference_id": "bwmd17fcvljt9q4cgctp4v09zh3qs7fb", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:27:53Z/" } ], "url": "https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb" }, { "reference_url": "https://github.com/advisories/GHSA-787v-v9vq-4rgv", "reference_id": "GHSA-787v-v9vq-4rgv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-787v-v9vq-4rgv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372313?format=api", "purl": "pkg:pypi/apache-superset@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": 
"VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0" } ], "aliases": [ "CVE-2024-55633", "GHSA-787v-v9vq-4rgv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gqt-cpea-b7ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/121409?format=api", "vulnerability_id": "VCID-2bqf-unav-tbfs", "summary": "Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49046", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49033", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48892", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49028", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55675" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55675", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55675" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/08/14/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/08/14/6" }, { "reference_url": "https://github.com/advisories/GHSA-mhpq-m962-mg92", "reference_id": "GHSA-mhpq-m962-mg92", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mhpq-m962-mg92" }, { "reference_url": "https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33", "reference_id": "op681b4kbd7g84tfjf9omz0sxggbcv33", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:47:53Z/" } ], "url": "https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/377635?format=api", "purl": "pkg:pypi/apache-superset@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0" } ], "aliases": [ "CVE-2025-55675", "GHSA-mhpq-m962-mg92" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2bqf-unav-tbfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66962?format=api", "vulnerability_id": "VCID-35bq-93h8-qufg", "summary": "Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23969", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21453", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21624", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21637", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2165", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23969" }, { "reference_url": 
"https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/02/24/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/02/24/4" }, { "reference_url": "https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd", "reference_id": "2q22sp4oj3krcgdkxchhtht0vgwp2wnd", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:03:24Z/" } ], "url": "https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23969", "reference_id": "CVE-2026-23969", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23969" }, { "reference_url": "https://github.com/advisories/GHSA-48m2-v2r8-h23m", "reference_id": "GHSA-48m2-v2r8-h23m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-48m2-v2r8-h23m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39576?format=api", "purl": "pkg:pypi/apache-superset@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2" } ], "aliases": [ "CVE-2026-23969", "GHSA-48m2-v2r8-h23m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-35bq-93h8-qufg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145702?format=api", "vulnerability_id": "VCID-3aw6-59a3-eba8", "summary": "Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27523", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22235", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22225", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22044", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22247", "published_at": "2026-06-13T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2023-27523" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27523", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27523" }, { "reference_url": "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h", "reference_id": "3y97nmwm956b6zg3l8dh9oj0w7dj945h", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:49:47Z/" } ], "url": "https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h" }, { "reference_url": "https://github.com/advisories/GHSA-v594-2c97-hx38", "reference_id": "GHSA-v594-2c97-hx38", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v594-2c97-hx38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/650113?format=api", "purl": "pkg:pypi/apache-superset@2.1.1rc1", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379698?format=api", "purl": "pkg:pypi/apache-superset@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": 
"VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1" } ], "aliases": [ "CVE-2023-27523", "GHSA-v594-2c97-hx38" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3aw6-59a3-eba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211001?format=api", "vulnerability_id": "VCID-3q94-rkzw-q7bb", "summary": "Apache Superset allows authenticated users to access metadata they have no permission to", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00345", "scoring_system": "epss", 
"scoring_elements": "0.57548", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57431", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57552", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00345", "scoring_system": "epss", "scoring_elements": "0.57562", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37839" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503" }, { "reference_url": "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37839", "reference_id": "CVE-2021-37839", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-37839" }, { "reference_url": "https://github.com/advisories/GHSA-748r-5r8q-273m", "reference_id": "GHSA-748r-5r8q-273m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-748r-5r8q-273m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25244?format=api", "purl": "pkg:pypi/apache-superset@1.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-3sh2-fv5f-jkh5" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-au4r-bwjy-rbdw" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-cmt6-zps1-1yaa" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-ggry-wydz-j3az" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-hb6y-7ujs-bfe9" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": 
"VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-uyy9-mrk5-fbhd" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-w4pb-uqe1-27cv" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.1" } ], "aliases": [ "CVE-2021-37839", "GHSA-748r-5r8q-273m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3q94-rkzw-q7bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/165630?format=api", "vulnerability_id": "VCID-3sh2-fv5f-jkh5", "summary": "When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. 
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02695", "scoring_system": "epss", "scoring_elements": "0.8626", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.02695", "scoring_system": "epss", "scoring_elements": "0.86258", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.02695", "scoring_system": "epss", "scoring_elements": "0.86249", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0324", "scoring_system": "epss", "scoring_elements": "0.87393", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45438" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45438", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45438" }, { "reference_url": "https://github.com/advisories/GHSA-8f5j-mgx9-5hm5", "reference_id": "GHSA-8f5j-mgx9-5hm5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f5j-mgx9-5hm5" }, { "reference_url": "https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9", "reference_id": "snxbkf2x9kww7s0wkmydct9nhqqn9rv9", "reference_type": "", 
"scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:59:07Z/" } ], "url": "https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:pypi/apache-superset@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { 
"vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:pypi/apache-superset@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { 
"vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1" } ], "aliases": [ "CVE-2022-45438", "GHSA-8f5j-mgx9-5hm5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3sh2-fv5f-jkh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208797?format=api", "vulnerability_id": "VCID-46y8-wuk7-hfad", "summary": "SQL injection in apache-superset", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27479", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.89154", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.892", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.04329", "scoring_system": "epss", "scoring_elements": "0.89192", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27479" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", 
"scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-188.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-188.yaml" }, { "reference_url": "https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6" }, { "reference_url": "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/04/13/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/04/13/3" 
}, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27479", "reference_id": "CVE-2022-27479", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27479" }, { "reference_url": "https://github.com/advisories/GHSA-wh73-hpcg-v32j", "reference_id": "GHSA-wh73-hpcg-v32j", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh73-hpcg-v32j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/20127?format=api", "purl": "pkg:pypi/apache-superset@1.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-3q94-rkzw-q7bb" }, { "vulnerability": "VCID-3sh2-fv5f-jkh5" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-au4r-bwjy-rbdw" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-cmt6-zps1-1yaa" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": 
"VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-ggry-wydz-j3az" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-hb6y-7ujs-bfe9" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-uyy9-mrk5-fbhd" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-w4pb-uqe1-27cv" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.4.2" } ], "aliases": [ "BIT-superset-2022-27479", "CVE-2022-27479", "GHSA-wh73-hpcg-v32j", "PYSEC-2022-188" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46y8-wuk7-hfad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356675?format=api", "vulnerability_id": "VCID-4axb-e4nm-3fcy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42502", "reference_id": "", "reference_type": "", "scores": [ { 
"value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27068", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27271", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.2729", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27272", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42502" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42502", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42502" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/28/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/28/3" }, { "reference_url": "https://github.com/advisories/GHSA-hc74-9vjm-c9xv", "reference_id": "GHSA-hc74-9vjm-c9xv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hc74-9vjm-c9xv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31859?format=api", "purl": "pkg:pypi/apache-superset@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0" } ], "aliases": [ "CVE-2023-42502", 
"GHSA-hc74-9vjm-c9xv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4axb-e4nm-3fcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136369?format=api", "vulnerability_id": "VCID-58d5-z1y6-qffj", "summary": "An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06597", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06579", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06608", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00022", "scoring_system": "epss", "scoring_elements": "0.06585", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36387" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36387", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36387" }, { "reference_url": 
"https://github.com/apache/superset/pull/24185", "reference_id": "24185", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:00:10Z/" } ], "url": "https://github.com/apache/superset/pull/24185" }, { "reference_url": "https://github.com/advisories/GHSA-9832-mgg4-3gr6", "reference_id": "GHSA-9832-mgg4-3gr6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9832-mgg4-3gr6" }, { "reference_url": "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3", "reference_id": "tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:00:10Z/" } ], "url": "https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/650113?format=api", "purl": "pkg:pypi/apache-superset@2.1.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": 
"VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379698?format=api", "purl": "pkg:pypi/apache-superset@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": 
"VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1" } ], "aliases": [ "CVE-2023-36387", "GHSA-9832-mgg4-3gr6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58d5-z1y6-qffj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145501?format=api", "vulnerability_id": "VCID-5m3g-6uya-1fe3", "summary": "A non-Admin authenticated user could incorrectly create resources using the import charts feature in Apache Superset up to and including 2.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31627", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31418", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.3161", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27526" }, { 
"reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27526", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27526" }, { "reference_url": "https://github.com/advisories/GHSA-9qc3-p9jq-2x27", "reference_id": "GHSA-9qc3-p9jq-2x27", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9qc3-p9jq-2x27" }, { "reference_url": "https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv", "reference_id": "ndww89yl2jd98lvn23n9cj722lfdg8dv", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:50:41Z/" } ], "url": "https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/650113?format=api", "purl": "pkg:pypi/apache-superset@2.1.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" 
}, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379698?format=api", "purl": "pkg:pypi/apache-superset@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { 
"vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1" } ], "aliases": [ "CVE-2023-27526", "GHSA-9qc3-p9jq-2x27" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5m3g-6uya-1fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136294?format=api", "vulnerability_id": "VCID-6brk-rjs7-67he", "summary": "Improper REST API permission in Apache Superset up to and including 2.1.0 allows an authenticated Gamma user to test network connections, with possible SSRF.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32642", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", 
"scoring_elements": "0.3264", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32461", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32663", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36388" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36388", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36388" }, { "reference_url": "https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs", "reference_id": "ccmjjz4jp17yc2kcd18qshmdtf7qorfs", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:50:04Z/" } ], "url": "https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs" }, { "reference_url": "https://github.com/advisories/GHSA-4fg9-5w46-xmrj", "reference_id": "GHSA-4fg9-5w46-xmrj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-4fg9-5w46-xmrj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/650113?format=api", "purl": "pkg:pypi/apache-superset@2.1.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379698?format=api", "purl": "pkg:pypi/apache-superset@2.1.1", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1" } ], "aliases": [ "CVE-2023-36388", "GHSA-4fg9-5w46-xmrj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6brk-rjs7-67he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66895?format=api", "vulnerability_id": "VCID-8bqq-wrc2-b3de", "summary": "An Improper Authorization vulnerability exists in Apache 
Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13535", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13512", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13418", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13539", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23982" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/02/24/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/02/24/6" }, { "reference_url": 
"https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp", "reference_id": "9lvbzwkw4rxgdvbpfvnnnfcll92v75fp", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:44:20Z/" } ], "url": "https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23982", "reference_id": "CVE-2026-23982", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23982" }, { "reference_url": "https://github.com/advisories/GHSA-3m2g-v7jf-7fxc", "reference_id": "GHSA-3m2g-v7jf-7fxc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3m2g-v7jf-7fxc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39575?format=api", "purl": "pkg:pypi/apache-superset@6.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0" } ], "aliases": [ "CVE-2026-23982", "GHSA-3m2g-v7jf-7fxc" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqq-wrc2-b3de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33743?format=api", "vulnerability_id": "VCID-8qnw-zrab-y3ac", "summary": "This is a duplicate for CVE-2023-46104. 
With correct CVE version ranges for affected Apache Superset.\n \nUncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import databases, dashboards or datasets. \nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23952", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0138", "scoring_system": "epss", "scoring_elements": "0.80754", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0138", "scoring_system": "epss", "scoring_elements": "0.80763", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0138", "scoring_system": "epss", "scoring_elements": "0.80752", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0138", "scoring_system": "epss", "scoring_elements": "0.80692", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-23952" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/14/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/14/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/14/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/14/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23952", "reference_id": "CVE-2024-23952", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23952" }, { "reference_url": "https://github.com/advisories/GHSA-v7q3-5rqm-x7m9", "reference_id": "GHSA-v7q3-5rqm-x7m9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v7q3-5rqm-x7m9" }, { "reference_url": "https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx", "reference_id": "zc58zvm4414molqn2m4d4vkrbrsxdksx", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/" } ], "url": "https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31858?format=api", "purl": "pkg:pypi/apache-superset@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" 
}, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/31860?format=api", "purl": "pkg:pypi/apache-superset@3.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { 
"vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.1" } ], "aliases": [ "CVE-2024-23952", "GHSA-v7q3-5rqm-x7m9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qnw-zrab-y3ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39948?format=api", "vulnerability_id": "VCID-8s2r-g7nq-9qcm", "summary": "An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2.\n\nUsers are recommended to upgrade to version 3.1.2 or above, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23713", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23895", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23909", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0008", "scoring_system": "epss", "scoring_elements": "0.23918", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-28148" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28148", "reference_id": "CVE-2024-28148", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28148" }, { "reference_url": "https://github.com/advisories/GHSA-299q-3p96-5898", "reference_id": "GHSA-299q-3p96-5898", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-299q-3p96-5898" }, { "reference_url": "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo", "reference_id": "n27wlbd05oc6bgjh28d5pxzsrrph8dgo", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:25:54Z/" } ], "url": "https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30933?format=api", "purl": "pkg:pypi/apache-superset@3.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": 
"VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/32253?format=api", "purl": "pkg:pypi/apache-superset@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.0" } ], "aliases": [ "CVE-2024-28148", "GHSA-299q-3p96-5898" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8s2r-g7nq-9qcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356676?format=api", "vulnerability_id": "VCID-98eq-5ynn-2ba5", "summary": "", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2023-42505", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13258", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13364", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1337", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13346", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42505" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42505", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42505" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", 
"scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/28/5" }, { "reference_url": "https://github.com/advisories/GHSA-fgpw-4w69-j256", "reference_id": "GHSA-fgpw-4w69-j256", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fgpw-4w69-j256" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31859?format=api", "purl": "pkg:pypi/apache-superset@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0" } ], "aliases": [ "CVE-2023-42505", "GHSA-fgpw-4w69-j256" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-98eq-5ynn-2ba5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139370?format=api", "vulnerability_id": "VCID-9wan-6z96-uudu", "summary": "Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39265", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.72085", "scoring_system": "epss", "scoring_elements": "0.98776", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.72085", "scoring_system": "epss", "scoring_elements": "0.98777", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.72085", "scoring_system": "epss", "scoring_elements": "0.9877", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.72085", "scoring_system": "epss", "scoring_elements": "0.98775", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39265" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39265", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39265" }, { "reference_url": "http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", "reference_id": "Apache-Superset-2.0.0-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:48:12Z/" } ], "url": "http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html" }, { "reference_url": "https://github.com/advisories/GHSA-fm4q-j8g4-c9j4", "reference_id": "GHSA-fm4q-j8g4-c9j4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fm4q-j8g4-c9j4" }, { "reference_url": "https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy", "reference_id": "pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy", "reference_type": "", "scores": [ { "value": "3.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { 
"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:48:12Z/" } ], "url": "https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/650113?format=api", "purl": "pkg:pypi/apache-superset@2.1.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1" }, 
{ "url": "http://public2.vulnerablecode.io/api/packages/379698?format=api", "purl": "pkg:pypi/apache-superset@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1" } ], "aliases": [ "CVE-2023-39265", "GHSA-fm4q-j8g4-c9j4" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wan-6z96-uudu" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/163127?format=api", "vulnerability_id": "VCID-au4r-bwjy-rbdw", "summary": "Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43717", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01349", "scoring_system": "epss", "scoring_elements": "0.805", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81575", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81574", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01497", "scoring_system": "epss", "scoring_elements": "0.81583", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43717" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43717", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43717" }, { "reference_url": "https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl", "reference_id": 
"g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T13:51:44Z/" } ], "url": "https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl" }, { "reference_url": "https://github.com/advisories/GHSA-9f88-wg5r-947j", "reference_id": "GHSA-9f88-wg5r-947j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9f88-wg5r-947j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:pypi/apache-superset@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": 
"VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:pypi/apache-superset@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": 
"VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1" } ], "aliases": [ "CVE-2022-43717", "GHSA-9f88-wg5r-947j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-au4r-bwjy-rbdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135602?format=api", "vulnerability_id": "VCID-c1du-my8w-3kc4", "summary": "An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42504", "reference_id": "", "reference_type": "", "scores": [ { "value": 
"0.0029", "scoring_system": "epss", "scoring_elements": "0.52909", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52906", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52924", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52781", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42504" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42504", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42504" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/28/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/28/6" }, { "reference_url": 
"https://github.com/advisories/GHSA-3hp7-4qq4-v5c6", "reference_id": "GHSA-3hp7-4qq4-v5c6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3hp7-4qq4-v5c6" }, { "reference_url": "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l", "reference_id": "yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/" } ], "url": "https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31859?format=api", "purl": "pkg:pypi/apache-superset@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": 
"VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0" } ], "aliases": [ "CVE-2023-42504", "GHSA-3hp7-4qq4-v5c6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c1du-my8w-3kc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163340?format=api", "vulnerability_id": "VCID-cmt6-zps1-1yaa", "summary": "An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. 
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43720", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01468", "scoring_system": "epss", "scoring_elements": "0.81391", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01468", "scoring_system": "epss", "scoring_elements": "0.81383", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01787", "scoring_system": "epss", "scoring_elements": "0.83145", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43720" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43720", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43720" }, { "reference_url": "https://github.com/advisories/GHSA-fpmr-qmgh-42x2", "reference_id": "GHSA-fpmr-qmgh-42x2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fpmr-qmgh-42x2" }, { "reference_url": "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l", "reference_id": "jts6x56kghr9mbowb653bk70pl81jp8l", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" 
}, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:02:39Z/" } ], "url": "https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:pypi/apache-superset@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { 
"vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:pypi/apache-superset@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { 
"vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1" } ], "aliases": [ "CVE-2022-43720", "GHSA-fpmr-qmgh-42x2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cmt6-zps1-1yaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/121655?format=api", "vulnerability_id": "VCID-djyw-btmk-tyc1", "summary": "When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. 
This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.\n\nThis issue affects Apache Superset: before 4.1.3.\n\nUsers are recommended to upgrade to version 4.1.3, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55673", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.75893", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.75887", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.75808", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00881", "scoring_system": "epss", "scoring_elements": "0.75879", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55673" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55673", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55673" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/08/14/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/08/14/3" }, { "reference_url": "https://github.com/advisories/GHSA-9g5x-mm39-wg9r", "reference_id": "GHSA-9g5x-mm39-wg9r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9g5x-mm39-wg9r" }, { "reference_url": "https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8", "reference_id": "h2hw756wk4sj4z49blvzkr5fntl9hlf8", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T14:02:38Z/" } ], "url": "https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377620?format=api", "purl": "pkg:pypi/apache-superset@4.1.3.post1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.3.post1" } ], "aliases": [ "CVE-2025-55673", "GHSA-9g5x-mm39-wg9r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-djyw-btmk-tyc1" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/145979?format=api", "vulnerability_id": "VCID-ew1h-9gne-ckda", "summary": "An authenticated user with Gamma role authorization could have access to metadata information using non-trivial methods in Apache Superset up to and including 2.0.1", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27525", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67893", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67901", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67804", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00533", "scoring_system": "epss", "scoring_elements": "0.67905", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27525" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27525", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27525" }, { "reference_url": "https://github.com/advisories/GHSA-7jhg-8m74-6f6g", "reference_id": "GHSA-7jhg-8m74-6f6g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": 
"https://github.com/advisories/GHSA-7jhg-8m74-6f6g" }, { "reference_url": "https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77", "reference_id": "wpv7b17zjg2pmvpfkdd6nn8sco8y2q77", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:03:40Z/" } ], "url": "https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379603?format=api", "purl": "pkg:pypi/apache-superset@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": 
"VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0" } ], "aliases": [ "CVE-2023-27525", "GHSA-7jhg-8m74-6f6g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ew1h-9gne-ckda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46704?format=api", "vulnerability_id": "VCID-f3cr-98hh-qygb", "summary": "An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. 
Additional functions can be added to this list for increased protection.\n\nThis issue affects Apache Superset: before 4.0.2.\n\nUsers are recommended to upgrade to version 4.0.2, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.61396", "scoring_system": "epss", "scoring_elements": "0.98352", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.61396", "scoring_system": "epss", "scoring_elements": "0.98359", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.61396", "scoring_system": "epss", "scoring_elements": "0.98358", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39887" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/16/5", "reference_id": "5", "reference_type": "", 
"scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/16/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39887", "reference_id": "CVE-2024-39887", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39887" }, { "reference_url": "https://github.com/advisories/GHSA-2q6j-vpvr-6pvj", "reference_id": "GHSA-2q6j-vpvr-6pvj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2q6j-vpvr-6pvj" }, { "reference_url": "https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz", "reference_id": "j55vm41jg3l0x6w49zrmvbf3k0ts5fqz", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/" } ], "url": "https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32665?format=api", "purl": "pkg:pypi/apache-superset@4.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.2" } ], "aliases": [ "CVE-2024-39887", "GHSA-2q6j-vpvr-6pvj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f3cr-98hh-qygb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135563?format=api", "vulnerability_id": "VCID-fuze-h6b7-p7ej", "summary": "Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.\nThis issue affects Apache Superset: before 2.1.2.\nUsers should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00101", "scoring_system": "epss", 
"scoring_elements": "0.27605", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27615", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.2763", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00101", "scoring_system": "epss", "scoring_elements": "0.27402", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42501" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42501", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42501" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/27/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/27/3" }, { "reference_url": "https://github.com/advisories/GHSA-vv65-fjfj-4736", "reference_id": "GHSA-vv65-fjfj-4736", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vv65-fjfj-4736" }, { "reference_url": "https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh", "reference_id": "vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/" } ], "url": "https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31858?format=api", "purl": "pkg:pypi/apache-superset@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": 
"VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2" } ], "aliases": [ "CVE-2023-42501", "GHSA-vv65-fjfj-4736" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fuze-h6b7-p7ej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61980?format=api", "vulnerability_id": "VCID-fw5g-fb97-5qgv", "summary": "A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24772", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69333", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69342", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00575", "scoring_system": "epss", "scoring_elements": "0.69345", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24772" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { 
"reference_url": "http://www.openwall.com/lists/oss-security/2024/02/28/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/28/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24772", "reference_id": "CVE-2024-24772", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24772" }, { "reference_url": "https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5", "reference_id": "gfl3ckwy6y9tpz9jmpv62orh2q346sn5", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T17:55:04Z/" } ], "url": "https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5" }, { "reference_url": "https://github.com/advisories/GHSA-m6jm-3v38-76j4", "reference_id": "GHSA-m6jm-3v38-76j4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6jm-3v38-76j4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29411?format=api", "purl": "pkg:pypi/apache-superset@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": 
"VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29413?format=api", "purl": "pkg:pypi/apache-superset@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1" } ], "aliases": [ "CVE-2024-24772", "GHSA-m6jm-3v38-76j4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-fw5g-fb97-5qgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162997?format=api", "vulnerability_id": "VCID-ggry-wydz-j3az", "summary": "Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43718", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00448", "scoring_system": "epss", "scoring_elements": "0.64004", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66434", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66446", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00498", "scoring_system": "epss", "scoring_elements": "0.66448", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43718" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43718", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43718" }, { "reference_url": 
"https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r", "reference_id": "8615608jt2x7b3rmqrtngldy8pn3nz2r", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:05:57Z/" } ], "url": "https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r" }, { "reference_url": "https://github.com/advisories/GHSA-79x5-cv79-49rj", "reference_id": "GHSA-79x5-cv79-49rj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-79x5-cv79-49rj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:pypi/apache-superset@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": 
"VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:pypi/apache-superset@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": 
"VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1" } ], "aliases": [ "CVE-2022-43718", "GHSA-79x5-cv79-49rj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ggry-wydz-j3az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41369?format=api", "vulnerability_id": "VCID-h8px-dtx8-7ucd", "summary": "A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. 
However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26016", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48443", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48585", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48599", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00249", "scoring_system": "epss", "scoring_elements": "0.48581", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26016" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/28/7", "reference_id": "7", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/28/7" }, { "reference_url": 
"https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s", "reference_id": "76v1jjcylgk4p3m0258qr359ook3vl8s", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/" } ], "url": "https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26016", "reference_id": "CVE-2024-26016", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26016" }, { "reference_url": "https://github.com/advisories/GHSA-3v9r-885j-762g", "reference_id": "GHSA-3v9r-885j-762g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v9r-885j-762g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29411?format=api", "purl": "pkg:pypi/apache-superset@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { 
"vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29413?format=api", "purl": "pkg:pypi/apache-superset@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1" } ], "aliases": [ "CVE-2024-26016", "GHSA-3v9r-885j-762g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h8px-dtx8-7ucd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172608?format=api", "vulnerability_id": "VCID-hb6y-7ujs-bfe9", "summary": "A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database 
that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41703", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01068", "scoring_system": "epss", "scoring_elements": "0.782", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.01068", "scoring_system": "epss", "scoring_elements": "0.78208", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01068", "scoring_system": "epss", "scoring_elements": "0.78213", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01302", "scoring_system": "epss", "scoring_elements": "0.80169", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41703" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41703", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41703" }, { "reference_url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos", "reference_id": "g7jjw0okxjk5y57pbbxy19ydw42kqcos", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", 
"scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:32:13Z/" } ], "url": "https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos" }, { "reference_url": "https://github.com/advisories/GHSA-cxvp-3frm-3876", "reference_id": "GHSA-cxvp-3frm-3876", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cxvp-3frm-3876" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:pypi/apache-superset@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { 
"vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:pypi/apache-superset@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { 
"vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1" } ], "aliases": [ "CVE-2022-41703", "GHSA-cxvp-3frm-3876" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hb6y-7ujs-bfe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357681?format=api", "vulnerability_id": "VCID-jbtq-unbj-nyez", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49736", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.66233", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.66328", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": "0.66341", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00496", "scoring_system": "epss", "scoring_elements": 
"0.66339", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49736" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751" }, { "reference_url": "https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d" }, { "reference_url": "https://github.com/apache/superset/pull/25779", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/pull/25779" }, { "reference_url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49736", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49736" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/19/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/2" }, { "reference_url": "https://github.com/advisories/GHSA-jfxj-xf67-x723", "reference_id": "GHSA-jfxj-xf67-x723", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jfxj-xf67-x723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380149?format=api", "purl": "pkg:pypi/apache-superset@2.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { 
"vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380150?format=api", "purl": "pkg:pypi/apache-superset@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2" } ], "aliases": [ "CVE-2023-49736", "GHSA-jfxj-xf67-x723" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbtq-unbj-nyez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129684?format=api", "vulnerability_id": "VCID-jkea-eab6-rubm", "summary": "An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50521", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50526", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50539", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50388", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-30776" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30776", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-30776" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/04/24/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:08:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/04/24/3" }, { "reference_url": "https://github.com/advisories/GHSA-cmjc-52fg-9f7j", "reference_id": "GHSA-cmjc-52fg-9f7j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cmjc-52fg-9f7j" }, { "reference_url": "https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz", "reference_id": "s9w9w10mt2sngk3solwnmq5k7md53tsz", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:08:45Z/" } ], "url": "https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379603?format=api", "purl": "pkg:pypi/apache-superset@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { 
"vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0" } ], "aliases": [ "CVE-2023-30776", "GHSA-cmjc-52fg-9f7j" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-jkea-eab6-rubm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/356796?format=api", "vulnerability_id": "VCID-meyp-4j5x-sfbt", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43701", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47068", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47209", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47223", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00237", "scoring_system": "epss", "scoring_elements": "0.47205", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-43701" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43701", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": 
"generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43701" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/11/27/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/11/27/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/27/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/27/4" }, { "reference_url": "https://github.com/advisories/GHSA-wq8q-99p5-xfrw", "reference_id": "GHSA-wq8q-99p5-xfrw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wq8q-99p5-xfrw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31858?format=api", "purl": "pkg:pypi/apache-superset@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": 
"VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2" } ], "aliases": [ "CVE-2023-43701", "GHSA-wq8q-99p5-xfrw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-meyp-4j5x-sfbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/121675?format=api", "vulnerability_id": "VCID-mjty-hv8c-mbck", "summary": "A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. 
This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.5972", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.5971", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59599", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00376", "scoring_system": "epss", "scoring_elements": "0.59708", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55674" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55674", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55674" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/08/14/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/08/14/5" }, { "reference_url": "https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo", "reference_id": "cn49ps15ny3g2b1qzdg5mj7hp47p5jdo", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:49:40Z/" } ], "url": "https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo" }, { "reference_url": "https://github.com/advisories/GHSA-fxgf-3xh6-m2pp", "reference_id": "GHSA-fxgf-3xh6-m2pp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxgf-3xh6-m2pp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377635?format=api", "purl": "pkg:pypi/apache-superset@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0" } ], "aliases": [ "CVE-2025-55674", "GHSA-fxgf-3xh6-m2pp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mjty-hv8c-mbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44491?format=api", "vulnerability_id": "VCID-mwbp-vuvw-mua1", "summary": "Generation of Error Message Containing analytics metadata 
Information in Apache Superset.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53948", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3865", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38466", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38661", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38639", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53948" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c" }, { "reference_url": 
"https://nvd.nist.gov/vuln/detail/CVE-2024-53948", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53948" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/12/09/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/12/09/3" }, { "reference_url": "https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf", "reference_id": "8howpf3png0wrgpls46ggk441oczlfvf", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:04:23Z/" } ], "url": "https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf" }, { "reference_url": "https://github.com/advisories/GHSA-2cx9-54hp-r698", "reference_id": "GHSA-2cx9-54hp-r698", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], 
"url": "https://github.com/advisories/GHSA-2cx9-54hp-r698" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372313?format=api", "purl": "pkg:pypi/apache-superset@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0" } ], "aliases": [ "CVE-2024-53948", "GHSA-2cx9-54hp-r698" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbp-vuvw-mua1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/118233?format=api", "vulnerability_id": "VCID-pvr6-v3ds-sqcr", "summary": "An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. 
This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56887", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56876", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56751", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56872", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-48912" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48912", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48912" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/05/30/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { 
"value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/05/30/3" }, { "reference_url": "https://github.com/advisories/GHSA-8w7f-8pr9-xgwj", "reference_id": "GHSA-8w7f-8pr9-xgwj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w7f-8pr9-xgwj" }, { "reference_url": "https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135", "reference_id": "ms2t2oq218hb7l628trsogo4fj7h1135", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T12:55:47Z/" } ], "url": "https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39576?format=api", "purl": "pkg:pypi/apache-superset@4.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2" } ], "aliases": [ "CVE-2025-48912", "GHSA-8w7f-8pr9-xgwj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvr6-v3ds-sqcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/133132?format=api", "vulnerability_id": 
"VCID-q2f7-jq7w-vkc5", "summary": "A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.\n\nFor 2.X versions, users should change their config to include:\n\nTALISMAN_CONFIG = {\n \"content_security_policy\": {\n \"base-uri\": [\"'self'\"],\n \"default-src\": [\"'self'\"],\n \"img-src\": [\"'self'\", \"blob:\", \"data:\"],\n \"worker-src\": [\"'self'\", \"blob:\"],\n \"connect-src\": [\n \"'self'\",\n \"https://api.mapbox.com\",\n \"https://events.mapbox.com\",\n ],\n \"object-src\": \"'none'\",\n \"style-src\": [\n \"'self'\",\n \"'unsafe-inline'\",\n ],\n \"script-src\": [\"'self'\", \"'strict-dynamic'\"],\n },\n \"content_security_policy_nonce_in\": [\"script-src\"],\n \"force_https\": False,\n \"session_cookie_secure\": False,\n}", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61191", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61081", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61195", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61187", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49657" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/23/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/23/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49657", "reference_id": "CVE-2023-49657", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49657" }, { "reference_url": "https://github.com/advisories/GHSA-rwhh-6x83-84v6", "reference_id": "GHSA-rwhh-6x83-84v6", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rwhh-6x83-84v6" }, { "reference_url": "https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx", "reference_id": "wjyvz8om9nwd396lh0bt156mtwjxpsvx", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:03:28Z/" } ], "url": "https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28540?format=api", "purl": "pkg:pypi/apache-superset@3.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, 
{ "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.3" } ], "aliases": [ "CVE-2023-49657", "GHSA-rwhh-6x83-84v6" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2f7-jq7w-vkc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61646?format=api", "vulnerability_id": "VCID-rkx2-ky5w-myce", "summary": "Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35496", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0015", 
"scoring_system": "epss", "scoring_elements": "0.35502", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35518", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0015", "scoring_system": "epss", "scoring_elements": "0.35318", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24773" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/28/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/28/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24773", "reference_id": "CVE-2024-24773", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24773" }, { "reference_url": "https://github.com/advisories/GHSA-5474-f7g5-273q", "reference_id": "GHSA-5474-f7g5-273q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5474-f7g5-273q" 
}, { "reference_url": "https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501", "reference_id": "h66fy6nj41cfx07zh7l552w6dmtjh501", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/" } ], "url": "https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29411?format=api", "purl": "pkg:pypi/apache-superset@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29413?format=api", "purl": "pkg:pypi/apache-superset@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": 
"VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1" } ], "aliases": [ "CVE-2024-24773", "GHSA-5474-f7g5-273q" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx2-ky5w-myce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132563?format=api", "vulnerability_id": "VCID-s7bz-64kr-9yfs", "summary": "Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. 
\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46104", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69723", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69825", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69828", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00592", "scoring_system": "epss", "scoring_elements": "0.69813", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46104" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154" }, { "reference_url": "https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46104", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46104" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/19/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/14/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/14/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/14/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/14/3" }, { "reference_url": "https://github.com/advisories/GHSA-95mg-jgfx-54v9", "reference_id": "GHSA-95mg-jgfx-54v9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95mg-jgfx-54v9" }, { "reference_url": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl", "reference_id": "yxbxg4wryb7cb7wyybk11l5nqy0rsrvl", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/" } ], "url": "https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/31858?format=api", "purl": "pkg:pypi/apache-superset@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { 
"vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/380328?format=api", "purl": "pkg:pypi/apache-superset@3.1.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.0rc1" } ], "aliases": [ "CVE-2023-46104", "GHSA-95mg-jgfx-54v9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s7bz-64kr-9yfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/357680?format=api", "vulnerability_id": "VCID-ss9d-ku99-b3gf", 
"summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49734", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33845", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34022", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34045", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34024", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-49734" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6" }, { "reference_url": "https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0" }, { "reference_url": 
"https://github.com/apache/superset/pull/25843", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/pull/25843" }, { "reference_url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49734", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49734" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/19/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/19/3" }, { "reference_url": "https://github.com/advisories/GHSA-g49j-j489-3xpf", "reference_id": "GHSA-g49j-j489-3xpf", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g49j-j489-3xpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/380149?format=api", "purl": "pkg:pypi/apache-superset@2.1.3", 
"is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/380150?format=api", "purl": "pkg:pypi/apache-superset@3.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { 
"vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2" } ], "aliases": [ "CVE-2023-49734", "GHSA-g49j-j489-3xpf" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9d-ku99-b3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139194?format=api", "vulnerability_id": "VCID-tf8b-bq3r-2fhc", "summary": "By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. 
This vulnerability exists in Apache Superset versions up to and including 2.1.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34025", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34027", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.33849", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34048", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39264" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39264", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39264" }, { "reference_url": "https://github.com/advisories/GHSA-cpvx-2365-466c", "reference_id": "GHSA-cpvx-2365-466c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cpvx-2365-466c" }, { "reference_url": "https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75", "reference_id": "y65t1of7hb445n86o1vdzjct7rfwlx75", "reference_type": "", "scores": [ { 
"value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:48:40Z/" } ], "url": "https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/650113?format=api", "purl": "pkg:pypi/apache-superset@2.1.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": 
"VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379698?format=api", "purl": "pkg:pypi/apache-superset@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1" } ], "aliases": [ "CVE-2023-39264", "GHSA-cpvx-2365-466c" ], 
"risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tf8b-bq3r-2fhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66654?format=api", "vulnerability_id": "VCID-tvfr-mp56-b7f4", "summary": "Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23980", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12784", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.1287", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12879", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12889", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23980" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/02/24/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/02/24/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23980", "reference_id": "CVE-2026-23980", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23980" }, { "reference_url": "https://github.com/advisories/GHSA-gvxg-9hqx-f4rg", "reference_id": "GHSA-gvxg-9hqx-f4rg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gvxg-9hqx-f4rg" }, { "reference_url": "https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4", "reference_id": "h4l02zw1pr2vywv0dc5zjn3grdcdhwf4", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:05:27Z/" } ], "url": "https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39575?format=api", "purl": "pkg:pypi/apache-superset@6.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0" } ], "aliases": [ "CVE-2026-23980", "GHSA-gvxg-9hqx-f4rg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfr-mp56-b7f4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66947?format=api", "vulnerability_id": "VCID-ubwg-81j2-8yhd", "summary": "An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection.\nWhile the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23984", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12856", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12943", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12952", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12963", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23984" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/02/24/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", 
"scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/02/24/8" }, { "reference_url": "https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26", "reference_id": "72cmgxtvp9pclto4ln1chbs1227nwd26", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:51:19Z/" } ], "url": "https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23984", "reference_id": "CVE-2026-23984", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23984" }, { "reference_url": "https://github.com/advisories/GHSA-mwf2-qr4v-94h2", "reference_id": "GHSA-mwf2-qr4v-94h2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mwf2-qr4v-94h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39575?format=api", "purl": "pkg:pypi/apache-superset@6.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0" } ], "aliases": [ "CVE-2026-23984", "GHSA-mwf2-qr4v-94h2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", 
"resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ubwg-81j2-8yhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66960?format=api", "vulnerability_id": "VCID-us7y-vvzr-2fea", "summary": "A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag.\nWhen these associated objects include Users, the API response improperly serializes and returns sensitive fields, including password hashes (pbkdf2), email addresses, and login statistics. This vulnerability allows authenticated users with low privileges (e.g., Gamma role) to view sensitive authentication data \n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue or make sure TAGGING_SYSTEM is False (Apache Superset current default)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17696", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17688", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17536", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17713", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-23983" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", 
"scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/02/24/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/02/24/7" }, { "reference_url": "https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww", "reference_id": "62mgbc5hc8026skp69kb6vqozj3pr5ww", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:46:54Z/" } ], "url": "https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23983", "reference_id": "CVE-2026-23983", "reference_type": "", "scores": [ { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23983" }, { "reference_url": "https://github.com/advisories/GHSA-h294-8fxm-m2pj", "reference_id": "GHSA-h294-8fxm-m2pj", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h294-8fxm-m2pj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39575?format=api", "purl": "pkg:pypi/apache-superset@6.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], 
"resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0" } ], "aliases": [ "CVE-2026-23983", "GHSA-h294-8fxm-m2pj" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-us7y-vvzr-2fea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61796?format=api", "vulnerability_id": "VCID-uxws-xum3-efgv", "summary": "Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24779", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32612", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.3261", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32633", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00133", "scoring_system": "epss", "scoring_elements": "0.32432", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24779" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": 
"http://www.openwall.com/lists/oss-security/2024/02/28/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/28/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24779", "reference_id": "CVE-2024-24779", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24779" }, { "reference_url": "https://github.com/advisories/GHSA-wr6g-9wcr-cmqj", "reference_id": "GHSA-wr6g-9wcr-cmqj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wr6g-9wcr-cmqj" }, { "reference_url": "https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq", "reference_id": "xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "5.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/" } ], "url": 
"https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29411?format=api", "purl": "pkg:pypi/apache-superset@3.0.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/29413?format=api", "purl": "pkg:pypi/apache-superset@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { 
"vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1" } ], "aliases": [ "CVE-2024-24779", "GHSA-wr6g-9wcr-cmqj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxws-xum3-efgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163104?format=api", "vulnerability_id": "VCID-uyy9-mrk5-fbhd", "summary": "An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43721", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00651", "scoring_system": "epss", "scoring_elements": "0.71365", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00724", "scoring_system": "epss", "scoring_elements": "0.73105", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00724", "scoring_system": "epss", "scoring_elements": "0.73108", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00724", "scoring_system": "epss", "scoring_elements": "0.73092", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43721" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43721", 
"reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43721" }, { "reference_url": "https://github.com/advisories/GHSA-fcg4-pm6h-9xx2", "reference_id": "GHSA-fcg4-pm6h-9xx2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fcg4-pm6h-9xx2" }, { "reference_url": "https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg", "reference_id": "s6sqt5jmcv6qxtvdot1t5tpt57v439kg", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:00:49Z/" } ], "url": "https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:pypi/apache-superset@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": 
"VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:pypi/apache-superset@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": 
"VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1" } ], "aliases": [ "CVE-2022-43721", "GHSA-fcg4-pm6h-9xx2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyy9-mrk5-fbhd" }, { "url": 
"http://public2.vulnerablecode.io/api/vulnerabilities/121536?format=api", "vulnerability_id": "VCID-v735-muyq-h7hr", "summary": "A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44475", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44316", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44469", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00217", "scoring_system": "epss", "scoring_elements": "0.44488", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-55672" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55672", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-55672" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/08/14/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/08/14/4" }, { "reference_url": "https://github.com/advisories/GHSA-fj97-2v9x-w5m4", "reference_id": "GHSA-fj97-2v9x-w5m4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fj97-2v9x-w5m4" }, { "reference_url": "https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj", "reference_id": "rvh7fdjfzxzjhcfwoz7twc2brhvochdj", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:52:16Z/" } ], "url": "https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/377635?format=api", "purl": "pkg:pypi/apache-superset@5.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0" } 
], "aliases": [ "CVE-2025-55672", "GHSA-fj97-2v9x-w5m4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v735-muyq-h7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49457?format=api", "vulnerability_id": "VCID-vafu-fk53-6yd4", "summary": "Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset: before 3.1.3 and version 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12622", "scoring_system": "epss", "scoring_elements": "0.94122", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.12622", "scoring_system": "epss", "scoring_elements": "0.9415", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.12622", "scoring_system": "epss", "scoring_elements": "0.94148", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.12622", "scoring_system": "epss", "scoring_elements": "0.94143", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-34693" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/20/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/20/1" }, { "reference_url": "https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon", "reference_id": "1803x1s34m7r71h1k0q1njol8k6fmyon", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/" } ], "url": "https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34693", "reference_id": "CVE-2024-34693", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N" }, { "value": "4.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": 
"MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34693" }, { "reference_url": "https://github.com/advisories/GHSA-hcr7-cqwc-q5gq", "reference_id": "GHSA-hcr7-cqwc-q5gq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hcr7-cqwc-q5gq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32255?format=api", "purl": "pkg:pypi/apache-superset@3.1.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/32254?format=api", "purl": "pkg:pypi/apache-superset@4.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { 
"vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.1" } ], "aliases": [ "CVE-2024-34693", "GHSA-hcr7-cqwc-q5gq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vafu-fk53-6yd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162857?format=api", "vulnerability_id": "VCID-w4pb-uqe1-27cv", "summary": "Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00456", "scoring_system": "epss", "scoring_elements": "0.64305", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.01528", "scoring_system": "epss", "scoring_elements": "0.81766", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.01528", "scoring_system": "epss", "scoring_elements": "0.81773", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.01528", "scoring_system": "epss", "scoring_elements": "0.81764", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43719" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43719", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43719" }, { "reference_url": "https://github.com/advisories/GHSA-7222-r37x-8q3m", "reference_id": "GHSA-7222-r37x-8q3m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7222-r37x-8q3m" }, { "reference_url": "https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0", "reference_id": "xc309h2dphrkg33154djf3nqlh2xc1c0", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-07T15:03:55Z/" } ], "url": "https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/392789?format=api", "purl": "pkg:pypi/apache-superset@1.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": 
"VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/392790?format=api", "purl": "pkg:pypi/apache-superset@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": 
"VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1" } ], "aliases": [ "CVE-2022-43719", "GHSA-7222-r37x-8q3m" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": 
"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pb-uqe1-27cv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/143173?format=api", "vulnerability_id": "VCID-wgd2-ud3v-gkdw", "summary": "An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38662", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38673", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38488", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00173", "scoring_system": "epss", "scoring_elements": "0.38684", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-32672" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32672", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32672" }, { "reference_url": 
"https://github.com/advisories/GHSA-95ch-p3gw-23qg", "reference_id": "GHSA-95ch-p3gw-23qg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95ch-p3gw-23qg" }, { "reference_url": "https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp", "reference_id": "ococ6nlj80f0okkwfwpjczy3q84j3wkp", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:46:32Z/" } ], "url": "https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/650113?format=api", "purl": "pkg:pypi/apache-superset@2.1.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": 
"VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/379698?format=api", "purl": "pkg:pypi/apache-superset@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": 
"VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1" } ], "aliases": [ "CVE-2023-32672", "GHSA-95ch-p3gw-23qg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgd2-ud3v-gkdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=api", "vulnerability_id": "VCID-xsmf-gtwu-1kae", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.\n\nThis issue affects Apache Superset: <4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61214", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61219", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61108", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00399", "scoring_system": "epss", "scoring_elements": "0.61223", "published_at": "2026-06-13T12:55:00Z" 
} ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-53947" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53947", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53947" }, { "reference_url": "https://github.com/advisories/GHSA-92qf-8gh3-gwcm", "reference_id": "GHSA-92qf-8gh3-gwcm", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92qf-8gh3-gwcm" }, { "reference_url": 
"https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn", "reference_id": "hj3gfsjh67vqw12nlrshlsym4bkopjmn", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:05:04Z/" } ], "url": "https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372313?format=api", "purl": "pkg:pypi/apache-superset@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0" } ], "aliases": [ "CVE-2024-53947", "GHSA-92qf-8gh3-gwcm" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsmf-gtwu-1kae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/145658?format=api", "vulnerability_id": "VCID-yyh5-z2zn-h7h7", "summary": "Session Validation attacks in Apache Superset versions up to and including 2.0.1. 
Installations that have not altered the default configured SECRET_KEY according to installation instructions allow an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for the SECRET_KEY config.\n\nAll Superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and to encrypt sensitive information in the database.\nAdd a strong SECRET_KEY to your `superset_config.py` file like:\n\nSECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>\n\nAlternatively you can set it with the `SUPERSET_SECRET_KEY` environment variable.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.84026", "scoring_system": "epss", "scoring_elements": "0.99323", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.84026", "scoring_system": "epss", "scoring_elements": "0.99325", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.84026", "scoring_system": "epss", "scoring_elements": "0.99326", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27524" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27524", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27524" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27524", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27524" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/04/24/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/04/24/2" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/04/24/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/" } ], "url": 
"https://www.openwall.com/lists/oss-security/2023/04/24/2" }, { "reference_url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html", "reference_id": "Apache-Superset-2.0.0-Authentication-Bypass.html", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/" } ], "url": "https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html" }, { "reference_url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html", "reference_id": "Apache-Superset-2.0.0-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/" } ], "url": "https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51447.py", "reference_id": "CVE-2023-27524", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51447.py" }, { "reference_url": "https://github.com/advisories/GHSA-5cx2-vq3h-x52c", 
"reference_id": "GHSA-5cx2-vq3h-x52c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5cx2-vq3h-x52c" }, { "reference_url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk", "reference_id": "n0ftx60sllf527j7g11kmt24wvof8xyk", "reference_type": "", "scores": [ { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H" }, { "value": "8.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/" } ], "url": "https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379603?format=api", "purl": "pkg:pypi/apache-superset@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { 
"vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0" } ], "aliases": [ "CVE-2023-27524", "GHSA-5cx2-vq3h-x52c" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyh5-z2zn-h7h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129436?format=api", "vulnerability_id": "VCID-yyqg-c3nw-nkdn", "summary": "A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery\nattacks and query internal resources on behalf of the server where Superset\nis deployed. 
This vulnerability exists in Apache Superset versions up to and including 2.0.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36731", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36742", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36717", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36538", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25504" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25504", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25504" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/04/18/8", "reference_id": "8", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { 
"value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:07:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/04/18/8" }, { "reference_url": "https://github.com/advisories/GHSA-fxjg-28fm-pfxh", "reference_id": "GHSA-fxjg-28fm-pfxh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fxjg-28fm-pfxh" }, { "reference_url": "https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx", "reference_id": "tdnzkocfsqg2sbbornnp9g492fn4zhtx", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:07:39Z/" } ], "url": "https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/379603?format=api", "purl": "pkg:pypi/apache-superset@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" 
}, { "vulnerability": "VCID-annr-p6ed-wbaz" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-czv8-b1v4-s3gv" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": "VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0" } ], "aliases": [ "CVE-2023-25504", "GHSA-fxjg-28fm-pfxh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyqg-c3nw-nkdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116858?format=api", "vulnerability_id": "VCID-zvzt-19xv-6ubd", "summary": "Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.\n\nThis issue affects Apache Superset: through 4.1.1.\n\nUsers are recommended to upgrade to version 4.1.2 or above, which fixes the issue.", "references": [ { "reference_url": 
"https://api.first.org/data/v1/epss?cve=CVE-2025-27696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23681", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23671", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23484", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.2369", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27696" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { "reference_url": "https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27696", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { 
"value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27696" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/05/12/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/05/12/3" }, { "reference_url": "https://github.com/advisories/GHSA-w6c7-j32f-rq8j", "reference_id": "GHSA-w6c7-j32f-rq8j", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w6c7-j32f-rq8j" }, { "reference_url": "https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413", "reference_id": "k2od03bxnxs6vcp80sr03ywcxl194413", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T13:15:33Z/" } ], "url": "https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/39576?format=api", "purl": "pkg:pypi/apache-superset@4.1.2", "is_vulnerable": true, 
"affected_by_vulnerabilities": [ { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-v735-muyq-h7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2" } ], "aliases": [ "CVE-2025-27696", "GHSA-w6c7-j32f-rq8j" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zvzt-19xv-6ubd" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207662?format=api", "vulnerability_id": "VCID-2npv-nu15-6uee", "summary": "Insufficiently Protected Credentials in Apache Superset", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44451", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8336", "scoring_system": "epss", "scoring_elements": "0.99291", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.8336", "scoring_system": "epss", "scoring_elements": "0.99293", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.8336", "scoring_system": "epss", "scoring_elements": "0.99294", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44451" }, { "reference_url": "https://github.com/apache/superset", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/superset" }, { 
"reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-36.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-36.yaml" }, { "reference_url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44451", "reference_id": "CVE-2021-44451", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44451" }, { "reference_url": "https://github.com/advisories/GHSA-hhm3-48h2-597v", "reference_id": "GHSA-hhm3-48h2-597v", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hhm3-48h2-597v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18921?format=api", "purl": "pkg:pypi/apache-superset@1.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-19em-abzu-5bd5" }, { "vulnerability": "VCID-1gqt-cpea-b7ht" }, { "vulnerability": "VCID-2bqf-unav-tbfs" }, { "vulnerability": "VCID-35bq-93h8-qufg" }, { "vulnerability": "VCID-3aw6-59a3-eba8" }, { "vulnerability": "VCID-3q94-rkzw-q7bb" }, { "vulnerability": "VCID-3sh2-fv5f-jkh5" }, { "vulnerability": "VCID-46y8-wuk7-hfad" }, { "vulnerability": "VCID-4axb-e4nm-3fcy" }, { "vulnerability": "VCID-58d5-z1y6-qffj" }, { "vulnerability": "VCID-5m3g-6uya-1fe3" }, { "vulnerability": "VCID-6brk-rjs7-67he" }, { "vulnerability": "VCID-8bqq-wrc2-b3de" }, { "vulnerability": "VCID-8qnw-zrab-y3ac" }, { "vulnerability": "VCID-8s2r-g7nq-9qcm" }, { "vulnerability": "VCID-98eq-5ynn-2ba5" }, { "vulnerability": "VCID-9wan-6z96-uudu" }, { "vulnerability": "VCID-au4r-bwjy-rbdw" }, { "vulnerability": "VCID-c1du-my8w-3kc4" }, { "vulnerability": "VCID-cmt6-zps1-1yaa" }, { "vulnerability": "VCID-djyw-btmk-tyc1" }, { "vulnerability": "VCID-ew1h-9gne-ckda" }, { "vulnerability": "VCID-f3cr-98hh-qygb" }, { "vulnerability": "VCID-fuze-h6b7-p7ej" }, { "vulnerability": "VCID-fw5g-fb97-5qgv" }, { "vulnerability": "VCID-ggry-wydz-j3az" }, { "vulnerability": "VCID-h8px-dtx8-7ucd" }, { "vulnerability": "VCID-hb6y-7ujs-bfe9" }, { "vulnerability": "VCID-jbtq-unbj-nyez" }, { "vulnerability": "VCID-jkea-eab6-rubm" }, { "vulnerability": "VCID-meyp-4j5x-sfbt" }, { "vulnerability": "VCID-mjty-hv8c-mbck" }, { "vulnerability": "VCID-mwbp-vuvw-mua1" }, { "vulnerability": 
"VCID-pvr6-v3ds-sqcr" }, { "vulnerability": "VCID-q2f7-jq7w-vkc5" }, { "vulnerability": "VCID-rkx2-ky5w-myce" }, { "vulnerability": "VCID-s7bz-64kr-9yfs" }, { "vulnerability": "VCID-ss9d-ku99-b3gf" }, { "vulnerability": "VCID-tf8b-bq3r-2fhc" }, { "vulnerability": "VCID-tvfr-mp56-b7f4" }, { "vulnerability": "VCID-ubwg-81j2-8yhd" }, { "vulnerability": "VCID-us7y-vvzr-2fea" }, { "vulnerability": "VCID-uxws-xum3-efgv" }, { "vulnerability": "VCID-uyy9-mrk5-fbhd" }, { "vulnerability": "VCID-v735-muyq-h7hr" }, { "vulnerability": "VCID-vafu-fk53-6yd4" }, { "vulnerability": "VCID-w4pb-uqe1-27cv" }, { "vulnerability": "VCID-wgd2-ud3v-gkdw" }, { "vulnerability": "VCID-xsmf-gtwu-1kae" }, { "vulnerability": "VCID-yyh5-z2zn-h7h7" }, { "vulnerability": "VCID-yyqg-c3nw-nkdn" }, { "vulnerability": "VCID-zvzt-19xv-6ubd" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.4.0" } ], "aliases": [ "BIT-superset-2021-44451", "CVE-2021-44451", "GHSA-hhm3-48h2-597v", "PYSEC-2022-36" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2npv-nu15-6uee" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.4.0" }