Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/apache-superset@1.3.2
Typepypi
Namespace
Nameapache-superset
Version1.3.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.0.0
Latest_non_vulnerable_version6.0.0
Affected_by_vulnerabilities
0
url VCID-19em-abzu-5bd5
vulnerability_id VCID-19em-abzu-5bd5
summary 
An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.


This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.

Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27315
reference_id
reference_type
scores
0
value 0.00131
scoring_system epss
scoring_elements 0.32284
published_at 2026-06-12T12:55:00Z
1
value 0.00131
scoring_system epss
scoring_elements 0.321
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27315
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/28/3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/02/28/3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27315
reference_id CVE-2024-27315
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27315
4
reference_url https://github.com/advisories/GHSA-h7r6-8qmm-hj5r
reference_id GHSA-h7r6-8qmm-hj5r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h7r6-8qmm-hj5r
5
reference_url https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z
reference_id qcwbx7q2s3ynsd405895bx3wcwq32j7z
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T16:03:10Z/
url https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z
fixed_packages
0
url pkg:pypi/apache-superset@3.0.4
purl pkg:pypi/apache-superset@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4
1
url pkg:pypi/apache-superset@3.1.1
purl pkg:pypi/apache-superset@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1
aliases CVE-2024-27315, GHSA-h7r6-8qmm-hj5r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-19em-abzu-5bd5
1
url VCID-1gqt-cpea-b7ht
vulnerability_id VCID-1gqt-cpea-b7ht
summary 
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. 

This issue affects Apache Superset: before 4.1.0.

Users are recommended to upgrade to version 4.1.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55633
reference_id
reference_type
scores
0
value 0.01043
scoring_system epss
scoring_elements 0.7795
published_at 2026-06-12T12:55:00Z
1
value 0.01043
scoring_system epss
scoring_elements 0.77881
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55633
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55633
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55633
3
reference_url http://www.openwall.com/lists/oss-security/2024/12/12/1
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/12/12/1
4
reference_url https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb
reference_id bwmd17fcvljt9q4cgctp4v09zh3qs7fb
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:27:53Z/
url https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb
5
reference_url https://github.com/advisories/GHSA-787v-v9vq-4rgv
reference_id GHSA-787v-v9vq-4rgv
reference_type
scores
url https://github.com/advisories/GHSA-787v-v9vq-4rgv
fixed_packages
0
url pkg:pypi/apache-superset@4.1.0
purl pkg:pypi/apache-superset@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqf-unav-tbfs
1
vulnerability VCID-35bq-93h8-qufg
2
vulnerability VCID-8bqq-wrc2-b3de
3
vulnerability VCID-djyw-btmk-tyc1
4
vulnerability VCID-mjty-hv8c-mbck
5
vulnerability VCID-pvr6-v3ds-sqcr
6
vulnerability VCID-tvfr-mp56-b7f4
7
vulnerability VCID-ubwg-81j2-8yhd
8
vulnerability VCID-us7y-vvzr-2fea
9
vulnerability VCID-v735-muyq-h7hr
10
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0
aliases CVE-2024-55633, GHSA-787v-v9vq-4rgv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1gqt-cpea-b7ht
2
url VCID-2bqf-unav-tbfs
vulnerability_id VCID-2bqf-unav-tbfs
summary 
Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure.

This issue affects Apache Superset: before 5.0.0.

Users are recommended to upgrade to version 5.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55675
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.49028
published_at 2026-06-12T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48892
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55675
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55675
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55675
3
reference_url http://www.openwall.com/lists/oss-security/2025/08/14/6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/14/6
4
reference_url https://github.com/advisories/GHSA-mhpq-m962-mg92
reference_id GHSA-mhpq-m962-mg92
reference_type
scores
url https://github.com/advisories/GHSA-mhpq-m962-mg92
5
reference_url https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33
reference_id op681b4kbd7g84tfjf9omz0sxggbcv33
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:47:53Z/
url https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33
fixed_packages
0
url pkg:pypi/apache-superset@5.0.0
purl pkg:pypi/apache-superset@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8bqq-wrc2-b3de
1
vulnerability VCID-tvfr-mp56-b7f4
2
vulnerability VCID-ubwg-81j2-8yhd
3
vulnerability VCID-us7y-vvzr-2fea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0
aliases CVE-2025-55675, GHSA-mhpq-m962-mg92
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2bqf-unav-tbfs
3
url VCID-2npv-nu15-6uee
vulnerability_id VCID-2npv-nu15-6uee
summary Insufficiently Protected Credentials in Apache Superset
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-44451
reference_id
reference_type
scores
0
value 0.8336
scoring_system epss
scoring_elements 0.99291
published_at 2026-06-11T12:55:00Z
1
value 0.8336
scoring_system epss
scoring_elements 0.99294
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-44451
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-36.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-36.yaml
3
reference_url https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-44451
reference_id CVE-2021-44451
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-44451
5
reference_url https://github.com/advisories/GHSA-hhm3-48h2-597v
reference_id GHSA-hhm3-48h2-597v
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-hhm3-48h2-597v
fixed_packages
0
url pkg:pypi/apache-superset@1.4.0
purl pkg:pypi/apache-superset@1.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-3q94-rkzw-q7bb
6
vulnerability VCID-3sh2-fv5f-jkh5
7
vulnerability VCID-46y8-wuk7-hfad
8
vulnerability VCID-4axb-e4nm-3fcy
9
vulnerability VCID-58d5-z1y6-qffj
10
vulnerability VCID-5m3g-6uya-1fe3
11
vulnerability VCID-6brk-rjs7-67he
12
vulnerability VCID-8bqq-wrc2-b3de
13
vulnerability VCID-8qnw-zrab-y3ac
14
vulnerability VCID-8s2r-g7nq-9qcm
15
vulnerability VCID-98eq-5ynn-2ba5
16
vulnerability VCID-9wan-6z96-uudu
17
vulnerability VCID-au4r-bwjy-rbdw
18
vulnerability VCID-c1du-my8w-3kc4
19
vulnerability VCID-cmt6-zps1-1yaa
20
vulnerability VCID-djyw-btmk-tyc1
21
vulnerability VCID-ew1h-9gne-ckda
22
vulnerability VCID-f3cr-98hh-qygb
23
vulnerability VCID-fuze-h6b7-p7ej
24
vulnerability VCID-fw5g-fb97-5qgv
25
vulnerability VCID-ggry-wydz-j3az
26
vulnerability VCID-h8px-dtx8-7ucd
27
vulnerability VCID-hb6y-7ujs-bfe9
28
vulnerability VCID-jbtq-unbj-nyez
29
vulnerability VCID-jkea-eab6-rubm
30
vulnerability VCID-meyp-4j5x-sfbt
31
vulnerability VCID-mjty-hv8c-mbck
32
vulnerability VCID-mwbp-vuvw-mua1
33
vulnerability VCID-pvr6-v3ds-sqcr
34
vulnerability VCID-q2f7-jq7w-vkc5
35
vulnerability VCID-rkx2-ky5w-myce
36
vulnerability VCID-s7bz-64kr-9yfs
37
vulnerability VCID-ss9d-ku99-b3gf
38
vulnerability VCID-tf8b-bq3r-2fhc
39
vulnerability VCID-tvfr-mp56-b7f4
40
vulnerability VCID-ubwg-81j2-8yhd
41
vulnerability VCID-us7y-vvzr-2fea
42
vulnerability VCID-uxws-xum3-efgv
43
vulnerability VCID-uyy9-mrk5-fbhd
44
vulnerability VCID-v735-muyq-h7hr
45
vulnerability VCID-vafu-fk53-6yd4
46
vulnerability VCID-w4pb-uqe1-27cv
47
vulnerability VCID-wgd2-ud3v-gkdw
48
vulnerability VCID-xsmf-gtwu-1kae
49
vulnerability VCID-yyh5-z2zn-h7h7
50
vulnerability VCID-yyqg-c3nw-nkdn
51
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.4.0
aliases BIT-superset-2021-44451, CVE-2021-44451, GHSA-hhm3-48h2-597v, PYSEC-2022-36
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2npv-nu15-6uee
4
url VCID-35bq-93h8-qufg
vulnerability_id VCID-35bq-93h8-qufg
summary 
Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete.

This issue affects Apache Superset: before 4.1.2.

Users are recommended to upgrade to version 4.1.2, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23969
reference_id
reference_type
scores
0
value 0.00069
scoring_system epss
scoring_elements 0.21637
published_at 2026-06-12T12:55:00Z
1
value 0.00069
scoring_system epss
scoring_elements 0.21453
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23969
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2026/02/24/4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/24/4
3
reference_url https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd
reference_id 2q22sp4oj3krcgdkxchhtht0vgwp2wnd
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:03:24Z/
url https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23969
reference_id CVE-2026-23969
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23969
5
reference_url https://github.com/advisories/GHSA-48m2-v2r8-h23m
reference_id GHSA-48m2-v2r8-h23m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-48m2-v2r8-h23m
fixed_packages
0
url pkg:pypi/apache-superset@4.1.2
purl pkg:pypi/apache-superset@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqf-unav-tbfs
1
vulnerability VCID-8bqq-wrc2-b3de
2
vulnerability VCID-djyw-btmk-tyc1
3
vulnerability VCID-mjty-hv8c-mbck
4
vulnerability VCID-tvfr-mp56-b7f4
5
vulnerability VCID-ubwg-81j2-8yhd
6
vulnerability VCID-us7y-vvzr-2fea
7
vulnerability VCID-v735-muyq-h7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2
aliases CVE-2026-23969, GHSA-48m2-v2r8-h23m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-35bq-93h8-qufg
5
url VCID-3aw6-59a3-eba8
vulnerability_id VCID-3aw6-59a3-eba8
summary Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27523
reference_id
reference_type
scores
0
value 0.00072
scoring_system epss
scoring_elements 0.22235
published_at 2026-06-12T12:55:00Z
1
value 0.00072
scoring_system epss
scoring_elements 0.22044
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27523
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27523
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27523
3
reference_url https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h
reference_id 3y97nmwm956b6zg3l8dh9oj0w7dj945h
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:49:47Z/
url https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h
4
reference_url https://github.com/advisories/GHSA-v594-2c97-hx38
reference_id GHSA-v594-2c97-hx38
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v594-2c97-hx38
fixed_packages
0
url pkg:pypi/apache-superset@2.1.1rc1
purl pkg:pypi/apache-superset@2.1.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-annr-p6ed-wbaz
10
vulnerability VCID-c1du-my8w-3kc4
11
vulnerability VCID-czv8-b1v4-s3gv
12
vulnerability VCID-djyw-btmk-tyc1
13
vulnerability VCID-f3cr-98hh-qygb
14
vulnerability VCID-fuze-h6b7-p7ej
15
vulnerability VCID-fw5g-fb97-5qgv
16
vulnerability VCID-h8px-dtx8-7ucd
17
vulnerability VCID-jbtq-unbj-nyez
18
vulnerability VCID-meyp-4j5x-sfbt
19
vulnerability VCID-mjty-hv8c-mbck
20
vulnerability VCID-mwbp-vuvw-mua1
21
vulnerability VCID-pvr6-v3ds-sqcr
22
vulnerability VCID-q2f7-jq7w-vkc5
23
vulnerability VCID-rkx2-ky5w-myce
24
vulnerability VCID-s7bz-64kr-9yfs
25
vulnerability VCID-ss9d-ku99-b3gf
26
vulnerability VCID-tvfr-mp56-b7f4
27
vulnerability VCID-ubwg-81j2-8yhd
28
vulnerability VCID-us7y-vvzr-2fea
29
vulnerability VCID-uxws-xum3-efgv
30
vulnerability VCID-v735-muyq-h7hr
31
vulnerability VCID-vafu-fk53-6yd4
32
vulnerability VCID-xsmf-gtwu-1kae
33
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1
1
url pkg:pypi/apache-superset@2.1.1
purl pkg:pypi/apache-superset@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-c1du-my8w-3kc4
10
vulnerability VCID-czv8-b1v4-s3gv
11
vulnerability VCID-djyw-btmk-tyc1
12
vulnerability VCID-f3cr-98hh-qygb
13
vulnerability VCID-fuze-h6b7-p7ej
14
vulnerability VCID-fw5g-fb97-5qgv
15
vulnerability VCID-h8px-dtx8-7ucd
16
vulnerability VCID-jbtq-unbj-nyez
17
vulnerability VCID-meyp-4j5x-sfbt
18
vulnerability VCID-mjty-hv8c-mbck
19
vulnerability VCID-mwbp-vuvw-mua1
20
vulnerability VCID-pvr6-v3ds-sqcr
21
vulnerability VCID-q2f7-jq7w-vkc5
22
vulnerability VCID-rkx2-ky5w-myce
23
vulnerability VCID-s7bz-64kr-9yfs
24
vulnerability VCID-ss9d-ku99-b3gf
25
vulnerability VCID-tvfr-mp56-b7f4
26
vulnerability VCID-ubwg-81j2-8yhd
27
vulnerability VCID-us7y-vvzr-2fea
28
vulnerability VCID-uxws-xum3-efgv
29
vulnerability VCID-v735-muyq-h7hr
30
vulnerability VCID-vafu-fk53-6yd4
31
vulnerability VCID-xsmf-gtwu-1kae
32
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1
aliases CVE-2023-27523, GHSA-v594-2c97-hx38
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3aw6-59a3-eba8
6
url VCID-3q94-rkzw-q7bb
vulnerability_id VCID-3q94-rkzw-q7bb
summary Apache Superset allows authenticated users to access metadata they have no permission to
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37839
reference_id
reference_type
scores
0
value 0.00345
scoring_system epss
scoring_elements 0.57548
published_at 2026-06-12T12:55:00Z
1
value 0.00345
scoring_system epss
scoring_elements 0.57431
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37839
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503
3
reference_url https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37839
reference_id CVE-2021-37839
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37839
5
reference_url https://github.com/advisories/GHSA-748r-5r8q-273m
reference_id GHSA-748r-5r8q-273m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-748r-5r8q-273m
fixed_packages
0
url pkg:pypi/apache-superset@1.5.1
purl pkg:pypi/apache-superset@1.5.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-3sh2-fv5f-jkh5
6
vulnerability VCID-4axb-e4nm-3fcy
7
vulnerability VCID-58d5-z1y6-qffj
8
vulnerability VCID-5m3g-6uya-1fe3
9
vulnerability VCID-6brk-rjs7-67he
10
vulnerability VCID-8bqq-wrc2-b3de
11
vulnerability VCID-8qnw-zrab-y3ac
12
vulnerability VCID-8s2r-g7nq-9qcm
13
vulnerability VCID-98eq-5ynn-2ba5
14
vulnerability VCID-9wan-6z96-uudu
15
vulnerability VCID-annr-p6ed-wbaz
16
vulnerability VCID-au4r-bwjy-rbdw
17
vulnerability VCID-c1du-my8w-3kc4
18
vulnerability VCID-cmt6-zps1-1yaa
19
vulnerability VCID-djyw-btmk-tyc1
20
vulnerability VCID-ew1h-9gne-ckda
21
vulnerability VCID-f3cr-98hh-qygb
22
vulnerability VCID-fuze-h6b7-p7ej
23
vulnerability VCID-fw5g-fb97-5qgv
24
vulnerability VCID-ggry-wydz-j3az
25
vulnerability VCID-h8px-dtx8-7ucd
26
vulnerability VCID-hb6y-7ujs-bfe9
27
vulnerability VCID-jbtq-unbj-nyez
28
vulnerability VCID-jkea-eab6-rubm
29
vulnerability VCID-meyp-4j5x-sfbt
30
vulnerability VCID-mjty-hv8c-mbck
31
vulnerability VCID-mwbp-vuvw-mua1
32
vulnerability VCID-pvr6-v3ds-sqcr
33
vulnerability VCID-q2f7-jq7w-vkc5
34
vulnerability VCID-rkx2-ky5w-myce
35
vulnerability VCID-s7bz-64kr-9yfs
36
vulnerability VCID-ss9d-ku99-b3gf
37
vulnerability VCID-tf8b-bq3r-2fhc
38
vulnerability VCID-tvfr-mp56-b7f4
39
vulnerability VCID-ubwg-81j2-8yhd
40
vulnerability VCID-us7y-vvzr-2fea
41
vulnerability VCID-uxws-xum3-efgv
42
vulnerability VCID-uyy9-mrk5-fbhd
43
vulnerability VCID-v735-muyq-h7hr
44
vulnerability VCID-vafu-fk53-6yd4
45
vulnerability VCID-w4pb-uqe1-27cv
46
vulnerability VCID-wgd2-ud3v-gkdw
47
vulnerability VCID-xsmf-gtwu-1kae
48
vulnerability VCID-yyh5-z2zn-h7h7
49
vulnerability VCID-yyqg-c3nw-nkdn
50
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.1
aliases CVE-2021-37839, GHSA-748r-5r8q-273m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3q94-rkzw-q7bb
7
url VCID-3sh2-fv5f-jkh5
vulnerability_id VCID-3sh2-fv5f-jkh5
summary When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-45438
reference_id
reference_type
scores
0
value 0.02695
scoring_system epss
scoring_elements 0.86249
published_at 2026-06-12T12:55:00Z
1
value 0.0324
scoring_system epss
scoring_elements 0.87393
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-45438
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-45438
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-45438
3
reference_url https://github.com/advisories/GHSA-8f5j-mgx9-5hm5
reference_id GHSA-8f5j-mgx9-5hm5
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8f5j-mgx9-5hm5
4
reference_url https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9
reference_id snxbkf2x9kww7s0wkmydct9nhqqn9rv9
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:59:07Z/
url https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9
fixed_packages
0
url pkg:pypi/apache-superset@1.5.3
purl pkg:pypi/apache-superset@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-djyw-btmk-tyc1
17
vulnerability VCID-ew1h-9gne-ckda
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-jkea-eab6-rubm
24
vulnerability VCID-meyp-4j5x-sfbt
25
vulnerability VCID-mjty-hv8c-mbck
26
vulnerability VCID-mwbp-vuvw-mua1
27
vulnerability VCID-pvr6-v3ds-sqcr
28
vulnerability VCID-q2f7-jq7w-vkc5
29
vulnerability VCID-rkx2-ky5w-myce
30
vulnerability VCID-s7bz-64kr-9yfs
31
vulnerability VCID-ss9d-ku99-b3gf
32
vulnerability VCID-tf8b-bq3r-2fhc
33
vulnerability VCID-tvfr-mp56-b7f4
34
vulnerability VCID-ubwg-81j2-8yhd
35
vulnerability VCID-us7y-vvzr-2fea
36
vulnerability VCID-uxws-xum3-efgv
37
vulnerability VCID-v735-muyq-h7hr
38
vulnerability VCID-vafu-fk53-6yd4
39
vulnerability VCID-wgd2-ud3v-gkdw
40
vulnerability VCID-xsmf-gtwu-1kae
41
vulnerability VCID-yyh5-z2zn-h7h7
42
vulnerability VCID-yyqg-c3nw-nkdn
43
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3
1
url pkg:pypi/apache-superset@2.0.1
purl pkg:pypi/apache-superset@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-ew1h-9gne-ckda
19
vulnerability VCID-f3cr-98hh-qygb
20
vulnerability VCID-fuze-h6b7-p7ej
21
vulnerability VCID-fw5g-fb97-5qgv
22
vulnerability VCID-h8px-dtx8-7ucd
23
vulnerability VCID-jbtq-unbj-nyez
24
vulnerability VCID-jkea-eab6-rubm
25
vulnerability VCID-meyp-4j5x-sfbt
26
vulnerability VCID-mjty-hv8c-mbck
27
vulnerability VCID-mwbp-vuvw-mua1
28
vulnerability VCID-pvr6-v3ds-sqcr
29
vulnerability VCID-q2f7-jq7w-vkc5
30
vulnerability VCID-rkx2-ky5w-myce
31
vulnerability VCID-s7bz-64kr-9yfs
32
vulnerability VCID-ss9d-ku99-b3gf
33
vulnerability VCID-tf8b-bq3r-2fhc
34
vulnerability VCID-tvfr-mp56-b7f4
35
vulnerability VCID-ubwg-81j2-8yhd
36
vulnerability VCID-us7y-vvzr-2fea
37
vulnerability VCID-uxws-xum3-efgv
38
vulnerability VCID-v735-muyq-h7hr
39
vulnerability VCID-vafu-fk53-6yd4
40
vulnerability VCID-wgd2-ud3v-gkdw
41
vulnerability VCID-xsmf-gtwu-1kae
42
vulnerability VCID-yyh5-z2zn-h7h7
43
vulnerability VCID-yyqg-c3nw-nkdn
44
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1
aliases CVE-2022-45438, GHSA-8f5j-mgx9-5hm5
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3sh2-fv5f-jkh5
8
url VCID-46y8-wuk7-hfad
vulnerability_id VCID-46y8-wuk7-hfad
summary SQL injection in apache-superset
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-27479
reference_id
reference_type
scores
0
value 0.04329
scoring_system epss
scoring_elements 0.89154
published_at 2026-06-11T12:55:00Z
1
value 0.04329
scoring_system epss
scoring_elements 0.89192
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-27479
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-188.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-188.yaml
3
reference_url https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6
4
reference_url https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y
5
reference_url http://www.openwall.com/lists/oss-security/2022/04/13/3
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2022/04/13/3
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-27479
reference_id CVE-2022-27479
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-27479
7
reference_url https://github.com/advisories/GHSA-wh73-hpcg-v32j
reference_id GHSA-wh73-hpcg-v32j
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-wh73-hpcg-v32j
fixed_packages
0
url pkg:pypi/apache-superset@1.4.2
purl pkg:pypi/apache-superset@1.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-3q94-rkzw-q7bb
6
vulnerability VCID-3sh2-fv5f-jkh5
7
vulnerability VCID-4axb-e4nm-3fcy
8
vulnerability VCID-58d5-z1y6-qffj
9
vulnerability VCID-5m3g-6uya-1fe3
10
vulnerability VCID-6brk-rjs7-67he
11
vulnerability VCID-8bqq-wrc2-b3de
12
vulnerability VCID-8qnw-zrab-y3ac
13
vulnerability VCID-8s2r-g7nq-9qcm
14
vulnerability VCID-98eq-5ynn-2ba5
15
vulnerability VCID-9wan-6z96-uudu
16
vulnerability VCID-au4r-bwjy-rbdw
17
vulnerability VCID-c1du-my8w-3kc4
18
vulnerability VCID-cmt6-zps1-1yaa
19
vulnerability VCID-djyw-btmk-tyc1
20
vulnerability VCID-ew1h-9gne-ckda
21
vulnerability VCID-f3cr-98hh-qygb
22
vulnerability VCID-fuze-h6b7-p7ej
23
vulnerability VCID-fw5g-fb97-5qgv
24
vulnerability VCID-ggry-wydz-j3az
25
vulnerability VCID-h8px-dtx8-7ucd
26
vulnerability VCID-hb6y-7ujs-bfe9
27
vulnerability VCID-jbtq-unbj-nyez
28
vulnerability VCID-jkea-eab6-rubm
29
vulnerability VCID-meyp-4j5x-sfbt
30
vulnerability VCID-mjty-hv8c-mbck
31
vulnerability VCID-mwbp-vuvw-mua1
32
vulnerability VCID-pvr6-v3ds-sqcr
33
vulnerability VCID-q2f7-jq7w-vkc5
34
vulnerability VCID-rkx2-ky5w-myce
35
vulnerability VCID-s7bz-64kr-9yfs
36
vulnerability VCID-ss9d-ku99-b3gf
37
vulnerability VCID-tf8b-bq3r-2fhc
38
vulnerability VCID-tvfr-mp56-b7f4
39
vulnerability VCID-ubwg-81j2-8yhd
40
vulnerability VCID-us7y-vvzr-2fea
41
vulnerability VCID-uxws-xum3-efgv
42
vulnerability VCID-uyy9-mrk5-fbhd
43
vulnerability VCID-v735-muyq-h7hr
44
vulnerability VCID-vafu-fk53-6yd4
45
vulnerability VCID-w4pb-uqe1-27cv
46
vulnerability VCID-wgd2-ud3v-gkdw
47
vulnerability VCID-xsmf-gtwu-1kae
48
vulnerability VCID-yyh5-z2zn-h7h7
49
vulnerability VCID-yyqg-c3nw-nkdn
50
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.4.2
aliases BIT-superset-2022-27479, CVE-2022-27479, GHSA-wh73-hpcg-v32j, PYSEC-2022-188
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-46y8-wuk7-hfad
9
url VCID-4axb-e4nm-3fcy
vulnerability_id VCID-4axb-e4nm-3fcy
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42502
reference_id
reference_type
scores
0
value 0.00099
scoring_system epss
scoring_elements 0.27068
published_at 2026-06-11T12:55:00Z
1
value 0.00099
scoring_system epss
scoring_elements 0.27271
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42502
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42502
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42502
4
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/3
5
reference_url https://github.com/advisories/GHSA-hc74-9vjm-c9xv
reference_id GHSA-hc74-9vjm-c9xv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hc74-9vjm-c9xv
fixed_packages
0
url pkg:pypi/apache-superset@3.0.0
purl pkg:pypi/apache-superset@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8qnw-zrab-y3ac
6
vulnerability VCID-8s2r-g7nq-9qcm
7
vulnerability VCID-czv8-b1v4-s3gv
8
vulnerability VCID-djyw-btmk-tyc1
9
vulnerability VCID-f3cr-98hh-qygb
10
vulnerability VCID-fw5g-fb97-5qgv
11
vulnerability VCID-h8px-dtx8-7ucd
12
vulnerability VCID-jbtq-unbj-nyez
13
vulnerability VCID-mjty-hv8c-mbck
14
vulnerability VCID-mwbp-vuvw-mua1
15
vulnerability VCID-pvr6-v3ds-sqcr
16
vulnerability VCID-q2f7-jq7w-vkc5
17
vulnerability VCID-rkx2-ky5w-myce
18
vulnerability VCID-s7bz-64kr-9yfs
19
vulnerability VCID-ss9d-ku99-b3gf
20
vulnerability VCID-tvfr-mp56-b7f4
21
vulnerability VCID-ubwg-81j2-8yhd
22
vulnerability VCID-us7y-vvzr-2fea
23
vulnerability VCID-uxws-xum3-efgv
24
vulnerability VCID-v735-muyq-h7hr
25
vulnerability VCID-vafu-fk53-6yd4
26
vulnerability VCID-xsmf-gtwu-1kae
27
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0
aliases CVE-2023-42502, GHSA-hc74-9vjm-c9xv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4axb-e4nm-3fcy
10
url VCID-58d5-z1y6-qffj
vulnerability_id VCID-58d5-z1y6-qffj
summary An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36387
reference_id
reference_type
scores
0
value 0.00022
scoring_system epss
scoring_elements 0.06585
published_at 2026-06-11T12:55:00Z
1
value 0.00022
scoring_system epss
scoring_elements 0.06608
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36387
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36387
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36387
3
reference_url https://github.com/apache/superset/pull/24185
reference_id 24185
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:00:10Z/
url https://github.com/apache/superset/pull/24185
4
reference_url https://github.com/advisories/GHSA-9832-mgg4-3gr6
reference_id GHSA-9832-mgg4-3gr6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9832-mgg4-3gr6
5
reference_url https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3
reference_id tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:00:10Z/
url https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3
fixed_packages
0
url pkg:pypi/apache-superset@2.1.1rc1
purl pkg:pypi/apache-superset@2.1.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-annr-p6ed-wbaz
10
vulnerability VCID-c1du-my8w-3kc4
11
vulnerability VCID-czv8-b1v4-s3gv
12
vulnerability VCID-djyw-btmk-tyc1
13
vulnerability VCID-f3cr-98hh-qygb
14
vulnerability VCID-fuze-h6b7-p7ej
15
vulnerability VCID-fw5g-fb97-5qgv
16
vulnerability VCID-h8px-dtx8-7ucd
17
vulnerability VCID-jbtq-unbj-nyez
18
vulnerability VCID-meyp-4j5x-sfbt
19
vulnerability VCID-mjty-hv8c-mbck
20
vulnerability VCID-mwbp-vuvw-mua1
21
vulnerability VCID-pvr6-v3ds-sqcr
22
vulnerability VCID-q2f7-jq7w-vkc5
23
vulnerability VCID-rkx2-ky5w-myce
24
vulnerability VCID-s7bz-64kr-9yfs
25
vulnerability VCID-ss9d-ku99-b3gf
26
vulnerability VCID-tvfr-mp56-b7f4
27
vulnerability VCID-ubwg-81j2-8yhd
28
vulnerability VCID-us7y-vvzr-2fea
29
vulnerability VCID-uxws-xum3-efgv
30
vulnerability VCID-v735-muyq-h7hr
31
vulnerability VCID-vafu-fk53-6yd4
32
vulnerability VCID-xsmf-gtwu-1kae
33
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1
1
url pkg:pypi/apache-superset@2.1.1
purl pkg:pypi/apache-superset@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-c1du-my8w-3kc4
10
vulnerability VCID-czv8-b1v4-s3gv
11
vulnerability VCID-djyw-btmk-tyc1
12
vulnerability VCID-f3cr-98hh-qygb
13
vulnerability VCID-fuze-h6b7-p7ej
14
vulnerability VCID-fw5g-fb97-5qgv
15
vulnerability VCID-h8px-dtx8-7ucd
16
vulnerability VCID-jbtq-unbj-nyez
17
vulnerability VCID-meyp-4j5x-sfbt
18
vulnerability VCID-mjty-hv8c-mbck
19
vulnerability VCID-mwbp-vuvw-mua1
20
vulnerability VCID-pvr6-v3ds-sqcr
21
vulnerability VCID-q2f7-jq7w-vkc5
22
vulnerability VCID-rkx2-ky5w-myce
23
vulnerability VCID-s7bz-64kr-9yfs
24
vulnerability VCID-ss9d-ku99-b3gf
25
vulnerability VCID-tvfr-mp56-b7f4
26
vulnerability VCID-ubwg-81j2-8yhd
27
vulnerability VCID-us7y-vvzr-2fea
28
vulnerability VCID-uxws-xum3-efgv
29
vulnerability VCID-v735-muyq-h7hr
30
vulnerability VCID-vafu-fk53-6yd4
31
vulnerability VCID-xsmf-gtwu-1kae
32
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1
aliases CVE-2023-36387, GHSA-9832-mgg4-3gr6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-58d5-z1y6-qffj
11
url VCID-5m3g-6uya-1fe3
vulnerability_id VCID-5m3g-6uya-1fe3
summary A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27526
reference_id
reference_type
scores
0
value 0.00126
scoring_system epss
scoring_elements 0.3161
published_at 2026-06-12T12:55:00Z
1
value 0.00126
scoring_system epss
scoring_elements 0.31418
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27526
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27526
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27526
3
reference_url https://github.com/advisories/GHSA-9qc3-p9jq-2x27
reference_id GHSA-9qc3-p9jq-2x27
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9qc3-p9jq-2x27
4
reference_url https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv
reference_id ndww89yl2jd98lvn23n9cj722lfdg8dv
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:50:41Z/
url https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv
fixed_packages
0
url pkg:pypi/apache-superset@2.1.1rc1
purl pkg:pypi/apache-superset@2.1.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-annr-p6ed-wbaz
10
vulnerability VCID-c1du-my8w-3kc4
11
vulnerability VCID-czv8-b1v4-s3gv
12
vulnerability VCID-djyw-btmk-tyc1
13
vulnerability VCID-f3cr-98hh-qygb
14
vulnerability VCID-fuze-h6b7-p7ej
15
vulnerability VCID-fw5g-fb97-5qgv
16
vulnerability VCID-h8px-dtx8-7ucd
17
vulnerability VCID-jbtq-unbj-nyez
18
vulnerability VCID-meyp-4j5x-sfbt
19
vulnerability VCID-mjty-hv8c-mbck
20
vulnerability VCID-mwbp-vuvw-mua1
21
vulnerability VCID-pvr6-v3ds-sqcr
22
vulnerability VCID-q2f7-jq7w-vkc5
23
vulnerability VCID-rkx2-ky5w-myce
24
vulnerability VCID-s7bz-64kr-9yfs
25
vulnerability VCID-ss9d-ku99-b3gf
26
vulnerability VCID-tvfr-mp56-b7f4
27
vulnerability VCID-ubwg-81j2-8yhd
28
vulnerability VCID-us7y-vvzr-2fea
29
vulnerability VCID-uxws-xum3-efgv
30
vulnerability VCID-v735-muyq-h7hr
31
vulnerability VCID-vafu-fk53-6yd4
32
vulnerability VCID-xsmf-gtwu-1kae
33
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1
1
url pkg:pypi/apache-superset@2.1.1
purl pkg:pypi/apache-superset@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-c1du-my8w-3kc4
10
vulnerability VCID-czv8-b1v4-s3gv
11
vulnerability VCID-djyw-btmk-tyc1
12
vulnerability VCID-f3cr-98hh-qygb
13
vulnerability VCID-fuze-h6b7-p7ej
14
vulnerability VCID-fw5g-fb97-5qgv
15
vulnerability VCID-h8px-dtx8-7ucd
16
vulnerability VCID-jbtq-unbj-nyez
17
vulnerability VCID-meyp-4j5x-sfbt
18
vulnerability VCID-mjty-hv8c-mbck
19
vulnerability VCID-mwbp-vuvw-mua1
20
vulnerability VCID-pvr6-v3ds-sqcr
21
vulnerability VCID-q2f7-jq7w-vkc5
22
vulnerability VCID-rkx2-ky5w-myce
23
vulnerability VCID-s7bz-64kr-9yfs
24
vulnerability VCID-ss9d-ku99-b3gf
25
vulnerability VCID-tvfr-mp56-b7f4
26
vulnerability VCID-ubwg-81j2-8yhd
27
vulnerability VCID-us7y-vvzr-2fea
28
vulnerability VCID-uxws-xum3-efgv
29
vulnerability VCID-v735-muyq-h7hr
30
vulnerability VCID-vafu-fk53-6yd4
31
vulnerability VCID-xsmf-gtwu-1kae
32
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1
aliases CVE-2023-27526, GHSA-9qc3-p9jq-2x27
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5m3g-6uya-1fe3
12
url VCID-6brk-rjs7-67he
vulnerability_id VCID-6brk-rjs7-67he
summary Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-36388
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32642
published_at 2026-06-12T12:55:00Z
1
value 0.00133
scoring_system epss
scoring_elements 0.32461
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-36388
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-36388
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-36388
3
reference_url https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs
reference_id ccmjjz4jp17yc2kcd18qshmdtf7qorfs
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:50:04Z/
url https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs
4
reference_url https://github.com/advisories/GHSA-4fg9-5w46-xmrj
reference_id GHSA-4fg9-5w46-xmrj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4fg9-5w46-xmrj
fixed_packages
0
url pkg:pypi/apache-superset@2.1.1rc1
purl pkg:pypi/apache-superset@2.1.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-annr-p6ed-wbaz
10
vulnerability VCID-c1du-my8w-3kc4
11
vulnerability VCID-czv8-b1v4-s3gv
12
vulnerability VCID-djyw-btmk-tyc1
13
vulnerability VCID-f3cr-98hh-qygb
14
vulnerability VCID-fuze-h6b7-p7ej
15
vulnerability VCID-fw5g-fb97-5qgv
16
vulnerability VCID-h8px-dtx8-7ucd
17
vulnerability VCID-jbtq-unbj-nyez
18
vulnerability VCID-meyp-4j5x-sfbt
19
vulnerability VCID-mjty-hv8c-mbck
20
vulnerability VCID-mwbp-vuvw-mua1
21
vulnerability VCID-pvr6-v3ds-sqcr
22
vulnerability VCID-q2f7-jq7w-vkc5
23
vulnerability VCID-rkx2-ky5w-myce
24
vulnerability VCID-s7bz-64kr-9yfs
25
vulnerability VCID-ss9d-ku99-b3gf
26
vulnerability VCID-tvfr-mp56-b7f4
27
vulnerability VCID-ubwg-81j2-8yhd
28
vulnerability VCID-us7y-vvzr-2fea
29
vulnerability VCID-uxws-xum3-efgv
30
vulnerability VCID-v735-muyq-h7hr
31
vulnerability VCID-vafu-fk53-6yd4
32
vulnerability VCID-xsmf-gtwu-1kae
33
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1
1
url pkg:pypi/apache-superset@2.1.1
purl pkg:pypi/apache-superset@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-c1du-my8w-3kc4
10
vulnerability VCID-czv8-b1v4-s3gv
11
vulnerability VCID-djyw-btmk-tyc1
12
vulnerability VCID-f3cr-98hh-qygb
13
vulnerability VCID-fuze-h6b7-p7ej
14
vulnerability VCID-fw5g-fb97-5qgv
15
vulnerability VCID-h8px-dtx8-7ucd
16
vulnerability VCID-jbtq-unbj-nyez
17
vulnerability VCID-meyp-4j5x-sfbt
18
vulnerability VCID-mjty-hv8c-mbck
19
vulnerability VCID-mwbp-vuvw-mua1
20
vulnerability VCID-pvr6-v3ds-sqcr
21
vulnerability VCID-q2f7-jq7w-vkc5
22
vulnerability VCID-rkx2-ky5w-myce
23
vulnerability VCID-s7bz-64kr-9yfs
24
vulnerability VCID-ss9d-ku99-b3gf
25
vulnerability VCID-tvfr-mp56-b7f4
26
vulnerability VCID-ubwg-81j2-8yhd
27
vulnerability VCID-us7y-vvzr-2fea
28
vulnerability VCID-uxws-xum3-efgv
29
vulnerability VCID-v735-muyq-h7hr
30
vulnerability VCID-vafu-fk53-6yd4
31
vulnerability VCID-xsmf-gtwu-1kae
32
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1
aliases CVE-2023-36388, GHSA-4fg9-5w46-xmrj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6brk-rjs7-67he
13
url VCID-8bqq-wrc2-b3de
vulnerability_id VCID-8bqq-wrc2-b3de
summary 
An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset.

This issue affects Apache Superset: before 6.0.0.

Users are recommended to upgrade to version 6.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23982
reference_id
reference_type
scores
0
value 0.00043
scoring_system epss
scoring_elements 0.13535
published_at 2026-06-12T12:55:00Z
1
value 0.00043
scoring_system epss
scoring_elements 0.13418
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23982
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2026/02/24/6
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/24/6
3
reference_url https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp
reference_id 9lvbzwkw4rxgdvbpfvnnnfcll92v75fp
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:44:20Z/
url https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23982
reference_id CVE-2026-23982
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23982
5
reference_url https://github.com/advisories/GHSA-3m2g-v7jf-7fxc
reference_id GHSA-3m2g-v7jf-7fxc
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3m2g-v7jf-7fxc
fixed_packages
0
url pkg:pypi/apache-superset@6.0.0
purl pkg:pypi/apache-superset@6.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0
aliases CVE-2026-23982, GHSA-3m2g-v7jf-7fxc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqq-wrc2-b3de
14
url VCID-8qnw-zrab-y3ac
vulnerability_id VCID-8qnw-zrab-y3ac
summary 
This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.
 
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.  
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23952
reference_id
reference_type
scores
0
value 0.0138
scoring_system epss
scoring_elements 0.80752
published_at 2026-06-12T12:55:00Z
1
value 0.0138
scoring_system epss
scoring_elements 0.80692
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23952
1
reference_url http://www.openwall.com/lists/oss-security/2024/02/14/2
reference_id 2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/
url http://www.openwall.com/lists/oss-security/2024/02/14/2
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/14/3
reference_id 3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/
url http://www.openwall.com/lists/oss-security/2024/02/14/3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23952
reference_id CVE-2024-23952
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23952
4
reference_url https://github.com/advisories/GHSA-v7q3-5rqm-x7m9
reference_id GHSA-v7q3-5rqm-x7m9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v7q3-5rqm-x7m9
5
reference_url https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx
reference_id zc58zvm4414molqn2m4d4vkrbrsxdksx
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/
url https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx
fixed_packages
0
url pkg:pypi/apache-superset@2.1.2
purl pkg:pypi/apache-superset@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8s2r-g7nq-9qcm
7
vulnerability VCID-98eq-5ynn-2ba5
8
vulnerability VCID-c1du-my8w-3kc4
9
vulnerability VCID-czv8-b1v4-s3gv
10
vulnerability VCID-djyw-btmk-tyc1
11
vulnerability VCID-f3cr-98hh-qygb
12
vulnerability VCID-fw5g-fb97-5qgv
13
vulnerability VCID-h8px-dtx8-7ucd
14
vulnerability VCID-jbtq-unbj-nyez
15
vulnerability VCID-mjty-hv8c-mbck
16
vulnerability VCID-mwbp-vuvw-mua1
17
vulnerability VCID-pvr6-v3ds-sqcr
18
vulnerability VCID-q2f7-jq7w-vkc5
19
vulnerability VCID-rkx2-ky5w-myce
20
vulnerability VCID-ss9d-ku99-b3gf
21
vulnerability VCID-tvfr-mp56-b7f4
22
vulnerability VCID-ubwg-81j2-8yhd
23
vulnerability VCID-us7y-vvzr-2fea
24
vulnerability VCID-uxws-xum3-efgv
25
vulnerability VCID-v735-muyq-h7hr
26
vulnerability VCID-vafu-fk53-6yd4
27
vulnerability VCID-xsmf-gtwu-1kae
28
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2
1
url pkg:pypi/apache-superset@3.0.1
purl pkg:pypi/apache-superset@3.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8s2r-g7nq-9qcm
6
vulnerability VCID-czv8-b1v4-s3gv
7
vulnerability VCID-djyw-btmk-tyc1
8
vulnerability VCID-f3cr-98hh-qygb
9
vulnerability VCID-fw5g-fb97-5qgv
10
vulnerability VCID-h8px-dtx8-7ucd
11
vulnerability VCID-jbtq-unbj-nyez
12
vulnerability VCID-mjty-hv8c-mbck
13
vulnerability VCID-mwbp-vuvw-mua1
14
vulnerability VCID-pvr6-v3ds-sqcr
15
vulnerability VCID-q2f7-jq7w-vkc5
16
vulnerability VCID-rkx2-ky5w-myce
17
vulnerability VCID-s7bz-64kr-9yfs
18
vulnerability VCID-ss9d-ku99-b3gf
19
vulnerability VCID-tvfr-mp56-b7f4
20
vulnerability VCID-ubwg-81j2-8yhd
21
vulnerability VCID-us7y-vvzr-2fea
22
vulnerability VCID-uxws-xum3-efgv
23
vulnerability VCID-v735-muyq-h7hr
24
vulnerability VCID-vafu-fk53-6yd4
25
vulnerability VCID-xsmf-gtwu-1kae
26
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.1
aliases CVE-2024-23952, GHSA-v7q3-5rqm-x7m9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8qnw-zrab-y3ac
15
url VCID-8s2r-g7nq-9qcm
vulnerability_id VCID-8s2r-g7nq-9qcm
summary 
An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request.This issue affects Apache Superset: before 3.1.2.

Users are recommended to upgrade to version 3.1.2 or above, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28148
reference_id
reference_type
scores
0
value 0.0008
scoring_system epss
scoring_elements 0.23713
published_at 2026-06-11T12:55:00Z
1
value 0.0008
scoring_system epss
scoring_elements 0.23909
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28148
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28148
reference_id CVE-2024-28148
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28148
3
reference_url https://github.com/advisories/GHSA-299q-3p96-5898
reference_id GHSA-299q-3p96-5898
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-299q-3p96-5898
4
reference_url https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo
reference_id n27wlbd05oc6bgjh28d5pxzsrrph8dgo
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:25:54Z/
url https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo
fixed_packages
0
url pkg:pypi/apache-superset@3.1.2
purl pkg:pypi/apache-superset@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.2
1
url pkg:pypi/apache-superset@4.0.0
purl pkg:pypi/apache-superset@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-czv8-b1v4-s3gv
5
vulnerability VCID-djyw-btmk-tyc1
6
vulnerability VCID-f3cr-98hh-qygb
7
vulnerability VCID-mjty-hv8c-mbck
8
vulnerability VCID-mwbp-vuvw-mua1
9
vulnerability VCID-pvr6-v3ds-sqcr
10
vulnerability VCID-tvfr-mp56-b7f4
11
vulnerability VCID-ubwg-81j2-8yhd
12
vulnerability VCID-us7y-vvzr-2fea
13
vulnerability VCID-v735-muyq-h7hr
14
vulnerability VCID-vafu-fk53-6yd4
15
vulnerability VCID-xsmf-gtwu-1kae
16
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.0
aliases CVE-2024-28148, GHSA-299q-3p96-5898
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8s2r-g7nq-9qcm
16
url VCID-98eq-5ynn-2ba5
vulnerability_id VCID-98eq-5ynn-2ba5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42505
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.13258
published_at 2026-06-11T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.13364
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42505
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42505
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42505
4
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/28/5
5
reference_url https://github.com/advisories/GHSA-fgpw-4w69-j256
reference_id GHSA-fgpw-4w69-j256
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fgpw-4w69-j256
fixed_packages
0
url pkg:pypi/apache-superset@3.0.0
purl pkg:pypi/apache-superset@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8qnw-zrab-y3ac
6
vulnerability VCID-8s2r-g7nq-9qcm
7
vulnerability VCID-czv8-b1v4-s3gv
8
vulnerability VCID-djyw-btmk-tyc1
9
vulnerability VCID-f3cr-98hh-qygb
10
vulnerability VCID-fw5g-fb97-5qgv
11
vulnerability VCID-h8px-dtx8-7ucd
12
vulnerability VCID-jbtq-unbj-nyez
13
vulnerability VCID-mjty-hv8c-mbck
14
vulnerability VCID-mwbp-vuvw-mua1
15
vulnerability VCID-pvr6-v3ds-sqcr
16
vulnerability VCID-q2f7-jq7w-vkc5
17
vulnerability VCID-rkx2-ky5w-myce
18
vulnerability VCID-s7bz-64kr-9yfs
19
vulnerability VCID-ss9d-ku99-b3gf
20
vulnerability VCID-tvfr-mp56-b7f4
21
vulnerability VCID-ubwg-81j2-8yhd
22
vulnerability VCID-us7y-vvzr-2fea
23
vulnerability VCID-uxws-xum3-efgv
24
vulnerability VCID-v735-muyq-h7hr
25
vulnerability VCID-vafu-fk53-6yd4
26
vulnerability VCID-xsmf-gtwu-1kae
27
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0
aliases CVE-2023-42505, GHSA-fgpw-4w69-j256
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-98eq-5ynn-2ba5
17
url VCID-9wan-6z96-uudu
vulnerability_id VCID-9wan-6z96-uudu
summary Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39265
reference_id
reference_type
scores
0
value 0.72085
scoring_system epss
scoring_elements 0.9877
published_at 2026-06-11T12:55:00Z
1
value 0.72085
scoring_system epss
scoring_elements 0.98775
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39265
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39265
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39265
3
reference_url http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
reference_id Apache-Superset-2.0.0-Remote-Code-Execution.html
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:48:12Z/
url http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
4
reference_url https://github.com/advisories/GHSA-fm4q-j8g4-c9j4
reference_id GHSA-fm4q-j8g4-c9j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fm4q-j8g4-c9j4
5
reference_url https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy
reference_id pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:48:12Z/
url https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy
fixed_packages
0
url pkg:pypi/apache-superset@2.1.1rc1
purl pkg:pypi/apache-superset@2.1.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-annr-p6ed-wbaz
10
vulnerability VCID-c1du-my8w-3kc4
11
vulnerability VCID-czv8-b1v4-s3gv
12
vulnerability VCID-djyw-btmk-tyc1
13
vulnerability VCID-f3cr-98hh-qygb
14
vulnerability VCID-fuze-h6b7-p7ej
15
vulnerability VCID-fw5g-fb97-5qgv
16
vulnerability VCID-h8px-dtx8-7ucd
17
vulnerability VCID-jbtq-unbj-nyez
18
vulnerability VCID-meyp-4j5x-sfbt
19
vulnerability VCID-mjty-hv8c-mbck
20
vulnerability VCID-mwbp-vuvw-mua1
21
vulnerability VCID-pvr6-v3ds-sqcr
22
vulnerability VCID-q2f7-jq7w-vkc5
23
vulnerability VCID-rkx2-ky5w-myce
24
vulnerability VCID-s7bz-64kr-9yfs
25
vulnerability VCID-ss9d-ku99-b3gf
26
vulnerability VCID-tvfr-mp56-b7f4
27
vulnerability VCID-ubwg-81j2-8yhd
28
vulnerability VCID-us7y-vvzr-2fea
29
vulnerability VCID-uxws-xum3-efgv
30
vulnerability VCID-v735-muyq-h7hr
31
vulnerability VCID-vafu-fk53-6yd4
32
vulnerability VCID-xsmf-gtwu-1kae
33
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1
1
url pkg:pypi/apache-superset@2.1.1
purl pkg:pypi/apache-superset@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-c1du-my8w-3kc4
10
vulnerability VCID-czv8-b1v4-s3gv
11
vulnerability VCID-djyw-btmk-tyc1
12
vulnerability VCID-f3cr-98hh-qygb
13
vulnerability VCID-fuze-h6b7-p7ej
14
vulnerability VCID-fw5g-fb97-5qgv
15
vulnerability VCID-h8px-dtx8-7ucd
16
vulnerability VCID-jbtq-unbj-nyez
17
vulnerability VCID-meyp-4j5x-sfbt
18
vulnerability VCID-mjty-hv8c-mbck
19
vulnerability VCID-mwbp-vuvw-mua1
20
vulnerability VCID-pvr6-v3ds-sqcr
21
vulnerability VCID-q2f7-jq7w-vkc5
22
vulnerability VCID-rkx2-ky5w-myce
23
vulnerability VCID-s7bz-64kr-9yfs
24
vulnerability VCID-ss9d-ku99-b3gf
25
vulnerability VCID-tvfr-mp56-b7f4
26
vulnerability VCID-ubwg-81j2-8yhd
27
vulnerability VCID-us7y-vvzr-2fea
28
vulnerability VCID-uxws-xum3-efgv
29
vulnerability VCID-v735-muyq-h7hr
30
vulnerability VCID-vafu-fk53-6yd4
31
vulnerability VCID-xsmf-gtwu-1kae
32
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1
aliases CVE-2023-39265, GHSA-fm4q-j8g4-c9j4
risk_score 10.0
exploitability 2.0
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9wan-6z96-uudu
18
url VCID-au4r-bwjy-rbdw
vulnerability_id VCID-au4r-bwjy-rbdw
summary Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43717
reference_id
reference_type
scores
0
value 0.01349
scoring_system epss
scoring_elements 0.805
published_at 2026-06-11T12:55:00Z
1
value 0.01497
scoring_system epss
scoring_elements 0.81575
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43717
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43717
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43717
3
reference_url https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl
reference_id g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T13:51:44Z/
url https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl
4
reference_url https://github.com/advisories/GHSA-9f88-wg5r-947j
reference_id GHSA-9f88-wg5r-947j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9f88-wg5r-947j
fixed_packages
0
url pkg:pypi/apache-superset@1.5.3
purl pkg:pypi/apache-superset@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-djyw-btmk-tyc1
17
vulnerability VCID-ew1h-9gne-ckda
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-jkea-eab6-rubm
24
vulnerability VCID-meyp-4j5x-sfbt
25
vulnerability VCID-mjty-hv8c-mbck
26
vulnerability VCID-mwbp-vuvw-mua1
27
vulnerability VCID-pvr6-v3ds-sqcr
28
vulnerability VCID-q2f7-jq7w-vkc5
29
vulnerability VCID-rkx2-ky5w-myce
30
vulnerability VCID-s7bz-64kr-9yfs
31
vulnerability VCID-ss9d-ku99-b3gf
32
vulnerability VCID-tf8b-bq3r-2fhc
33
vulnerability VCID-tvfr-mp56-b7f4
34
vulnerability VCID-ubwg-81j2-8yhd
35
vulnerability VCID-us7y-vvzr-2fea
36
vulnerability VCID-uxws-xum3-efgv
37
vulnerability VCID-v735-muyq-h7hr
38
vulnerability VCID-vafu-fk53-6yd4
39
vulnerability VCID-wgd2-ud3v-gkdw
40
vulnerability VCID-xsmf-gtwu-1kae
41
vulnerability VCID-yyh5-z2zn-h7h7
42
vulnerability VCID-yyqg-c3nw-nkdn
43
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3
1
url pkg:pypi/apache-superset@2.0.1
purl pkg:pypi/apache-superset@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-ew1h-9gne-ckda
19
vulnerability VCID-f3cr-98hh-qygb
20
vulnerability VCID-fuze-h6b7-p7ej
21
vulnerability VCID-fw5g-fb97-5qgv
22
vulnerability VCID-h8px-dtx8-7ucd
23
vulnerability VCID-jbtq-unbj-nyez
24
vulnerability VCID-jkea-eab6-rubm
25
vulnerability VCID-meyp-4j5x-sfbt
26
vulnerability VCID-mjty-hv8c-mbck
27
vulnerability VCID-mwbp-vuvw-mua1
28
vulnerability VCID-pvr6-v3ds-sqcr
29
vulnerability VCID-q2f7-jq7w-vkc5
30
vulnerability VCID-rkx2-ky5w-myce
31
vulnerability VCID-s7bz-64kr-9yfs
32
vulnerability VCID-ss9d-ku99-b3gf
33
vulnerability VCID-tf8b-bq3r-2fhc
34
vulnerability VCID-tvfr-mp56-b7f4
35
vulnerability VCID-ubwg-81j2-8yhd
36
vulnerability VCID-us7y-vvzr-2fea
37
vulnerability VCID-uxws-xum3-efgv
38
vulnerability VCID-v735-muyq-h7hr
39
vulnerability VCID-vafu-fk53-6yd4
40
vulnerability VCID-wgd2-ud3v-gkdw
41
vulnerability VCID-xsmf-gtwu-1kae
42
vulnerability VCID-yyh5-z2zn-h7h7
43
vulnerability VCID-yyqg-c3nw-nkdn
44
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1
aliases CVE-2022-43717, GHSA-9f88-wg5r-947j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-au4r-bwjy-rbdw
19
url VCID-c1du-my8w-3kc4
vulnerability_id VCID-c1du-my8w-3kc4
summary 
An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.

This issue affects Apache Superset: before 3.0.0
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42504
reference_id
reference_type
scores
0
value 0.0029
scoring_system epss
scoring_elements 0.52909
published_at 2026-06-12T12:55:00Z
1
value 0.0029
scoring_system epss
scoring_elements 0.52781
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42504
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42504
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42504
3
reference_url http://www.openwall.com/lists/oss-security/2023/11/28/6
reference_id 6
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/
url http://www.openwall.com/lists/oss-security/2023/11/28/6
4
reference_url https://github.com/advisories/GHSA-3hp7-4qq4-v5c6
reference_id GHSA-3hp7-4qq4-v5c6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3hp7-4qq4-v5c6
5
reference_url https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
reference_id yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/
url https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l
fixed_packages
0
url pkg:pypi/apache-superset@3.0.0
purl pkg:pypi/apache-superset@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8qnw-zrab-y3ac
6
vulnerability VCID-8s2r-g7nq-9qcm
7
vulnerability VCID-czv8-b1v4-s3gv
8
vulnerability VCID-djyw-btmk-tyc1
9
vulnerability VCID-f3cr-98hh-qygb
10
vulnerability VCID-fw5g-fb97-5qgv
11
vulnerability VCID-h8px-dtx8-7ucd
12
vulnerability VCID-jbtq-unbj-nyez
13
vulnerability VCID-mjty-hv8c-mbck
14
vulnerability VCID-mwbp-vuvw-mua1
15
vulnerability VCID-pvr6-v3ds-sqcr
16
vulnerability VCID-q2f7-jq7w-vkc5
17
vulnerability VCID-rkx2-ky5w-myce
18
vulnerability VCID-s7bz-64kr-9yfs
19
vulnerability VCID-ss9d-ku99-b3gf
20
vulnerability VCID-tvfr-mp56-b7f4
21
vulnerability VCID-ubwg-81j2-8yhd
22
vulnerability VCID-us7y-vvzr-2fea
23
vulnerability VCID-uxws-xum3-efgv
24
vulnerability VCID-v735-muyq-h7hr
25
vulnerability VCID-vafu-fk53-6yd4
26
vulnerability VCID-xsmf-gtwu-1kae
27
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0
aliases CVE-2023-42504, GHSA-3hp7-4qq4-v5c6
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1du-my8w-3kc4
20
url VCID-cmt6-zps1-1yaa
vulnerability_id VCID-cmt6-zps1-1yaa
summary An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43720
reference_id
reference_type
scores
0
value 0.01468
scoring_system epss
scoring_elements 0.81383
published_at 2026-06-12T12:55:00Z
1
value 0.01787
scoring_system epss
scoring_elements 0.83145
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43720
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43720
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43720
3
reference_url https://github.com/advisories/GHSA-fpmr-qmgh-42x2
reference_id GHSA-fpmr-qmgh-42x2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fpmr-qmgh-42x2
4
reference_url https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l
reference_id jts6x56kghr9mbowb653bk70pl81jp8l
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:02:39Z/
url https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l
fixed_packages
0
url pkg:pypi/apache-superset@1.5.3
purl pkg:pypi/apache-superset@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-djyw-btmk-tyc1
17
vulnerability VCID-ew1h-9gne-ckda
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-jkea-eab6-rubm
24
vulnerability VCID-meyp-4j5x-sfbt
25
vulnerability VCID-mjty-hv8c-mbck
26
vulnerability VCID-mwbp-vuvw-mua1
27
vulnerability VCID-pvr6-v3ds-sqcr
28
vulnerability VCID-q2f7-jq7w-vkc5
29
vulnerability VCID-rkx2-ky5w-myce
30
vulnerability VCID-s7bz-64kr-9yfs
31
vulnerability VCID-ss9d-ku99-b3gf
32
vulnerability VCID-tf8b-bq3r-2fhc
33
vulnerability VCID-tvfr-mp56-b7f4
34
vulnerability VCID-ubwg-81j2-8yhd
35
vulnerability VCID-us7y-vvzr-2fea
36
vulnerability VCID-uxws-xum3-efgv
37
vulnerability VCID-v735-muyq-h7hr
38
vulnerability VCID-vafu-fk53-6yd4
39
vulnerability VCID-wgd2-ud3v-gkdw
40
vulnerability VCID-xsmf-gtwu-1kae
41
vulnerability VCID-yyh5-z2zn-h7h7
42
vulnerability VCID-yyqg-c3nw-nkdn
43
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3
1
url pkg:pypi/apache-superset@2.0.1
purl pkg:pypi/apache-superset@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-ew1h-9gne-ckda
19
vulnerability VCID-f3cr-98hh-qygb
20
vulnerability VCID-fuze-h6b7-p7ej
21
vulnerability VCID-fw5g-fb97-5qgv
22
vulnerability VCID-h8px-dtx8-7ucd
23
vulnerability VCID-jbtq-unbj-nyez
24
vulnerability VCID-jkea-eab6-rubm
25
vulnerability VCID-meyp-4j5x-sfbt
26
vulnerability VCID-mjty-hv8c-mbck
27
vulnerability VCID-mwbp-vuvw-mua1
28
vulnerability VCID-pvr6-v3ds-sqcr
29
vulnerability VCID-q2f7-jq7w-vkc5
30
vulnerability VCID-rkx2-ky5w-myce
31
vulnerability VCID-s7bz-64kr-9yfs
32
vulnerability VCID-ss9d-ku99-b3gf
33
vulnerability VCID-tf8b-bq3r-2fhc
34
vulnerability VCID-tvfr-mp56-b7f4
35
vulnerability VCID-ubwg-81j2-8yhd
36
vulnerability VCID-us7y-vvzr-2fea
37
vulnerability VCID-uxws-xum3-efgv
38
vulnerability VCID-v735-muyq-h7hr
39
vulnerability VCID-vafu-fk53-6yd4
40
vulnerability VCID-wgd2-ud3v-gkdw
41
vulnerability VCID-xsmf-gtwu-1kae
42
vulnerability VCID-yyh5-z2zn-h7h7
43
vulnerability VCID-yyqg-c3nw-nkdn
44
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1
aliases CVE-2022-43720, GHSA-fpmr-qmgh-42x2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmt6-zps1-1yaa
21
url VCID-djyw-btmk-tyc1
vulnerability_id VCID-djyw-btmk-tyc1
summary 
When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.

This issue affects Apache Superset: before 4.1.3.

Users are recommended to upgrade to version 4.1.3, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55673
reference_id
reference_type
scores
0
value 0.00881
scoring_system epss
scoring_elements 0.75879
published_at 2026-06-12T12:55:00Z
1
value 0.00881
scoring_system epss
scoring_elements 0.75808
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55673
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55673
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55673
3
reference_url http://www.openwall.com/lists/oss-security/2025/08/14/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/14/3
4
reference_url https://github.com/advisories/GHSA-9g5x-mm39-wg9r
reference_id GHSA-9g5x-mm39-wg9r
reference_type
scores
url https://github.com/advisories/GHSA-9g5x-mm39-wg9r
5
reference_url https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8
reference_id h2hw756wk4sj4z49blvzkr5fntl9hlf8
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T14:02:38Z/
url https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8
fixed_packages
0
url pkg:pypi/apache-superset@4.1.3.post1
purl pkg:pypi/apache-superset@4.1.3.post1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqf-unav-tbfs
1
vulnerability VCID-8bqq-wrc2-b3de
2
vulnerability VCID-mjty-hv8c-mbck
3
vulnerability VCID-tvfr-mp56-b7f4
4
vulnerability VCID-ubwg-81j2-8yhd
5
vulnerability VCID-us7y-vvzr-2fea
6
vulnerability VCID-v735-muyq-h7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.3.post1
aliases CVE-2025-55673, GHSA-9g5x-mm39-wg9r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-djyw-btmk-tyc1
22
url VCID-ew1h-9gne-ckda
vulnerability_id VCID-ew1h-9gne-ckda
summary An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27525
reference_id
reference_type
scores
0
value 0.00533
scoring_system epss
scoring_elements 0.67893
published_at 2026-06-12T12:55:00Z
1
value 0.00533
scoring_system epss
scoring_elements 0.67804
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27525
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27525
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27525
3
reference_url https://github.com/advisories/GHSA-7jhg-8m74-6f6g
reference_id GHSA-7jhg-8m74-6f6g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7jhg-8m74-6f6g
4
reference_url https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77
reference_id wpv7b17zjg2pmvpfkdd6nn8sco8y2q77
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:03:40Z/
url https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77
fixed_packages
0
url pkg:pypi/apache-superset@2.1.0
purl pkg:pypi/apache-superset@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-meyp-4j5x-sfbt
24
vulnerability VCID-mjty-hv8c-mbck
25
vulnerability VCID-mwbp-vuvw-mua1
26
vulnerability VCID-pvr6-v3ds-sqcr
27
vulnerability VCID-q2f7-jq7w-vkc5
28
vulnerability VCID-rkx2-ky5w-myce
29
vulnerability VCID-s7bz-64kr-9yfs
30
vulnerability VCID-ss9d-ku99-b3gf
31
vulnerability VCID-tf8b-bq3r-2fhc
32
vulnerability VCID-tvfr-mp56-b7f4
33
vulnerability VCID-ubwg-81j2-8yhd
34
vulnerability VCID-us7y-vvzr-2fea
35
vulnerability VCID-uxws-xum3-efgv
36
vulnerability VCID-v735-muyq-h7hr
37
vulnerability VCID-vafu-fk53-6yd4
38
vulnerability VCID-wgd2-ud3v-gkdw
39
vulnerability VCID-xsmf-gtwu-1kae
40
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0
aliases CVE-2023-27525, GHSA-7jhg-8m74-6f6g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ew1h-9gne-ckda
23
url VCID-f3cr-98hh-qygb
vulnerability_id VCID-f3cr-98hh-qygb
summary 
An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.

This issue affects Apache Superset: before 4.0.2.

Users are recommended to upgrade to version 4.0.2, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-39887
reference_id
reference_type
scores
0
value 0.61396
scoring_system epss
scoring_elements 0.98358
published_at 2026-06-12T12:55:00Z
1
value 0.61396
scoring_system epss
scoring_elements 0.98352
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-39887
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506
3
reference_url http://www.openwall.com/lists/oss-security/2024/07/16/5
reference_id 5
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/
url http://www.openwall.com/lists/oss-security/2024/07/16/5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-39887
reference_id CVE-2024-39887
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-39887
5
reference_url https://github.com/advisories/GHSA-2q6j-vpvr-6pvj
reference_id GHSA-2q6j-vpvr-6pvj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2q6j-vpvr-6pvj
6
reference_url https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz
reference_id j55vm41jg3l0x6w49zrmvbf3k0ts5fqz
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/
url https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz
fixed_packages
0
url pkg:pypi/apache-superset@4.0.2
purl pkg:pypi/apache-superset@4.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-czv8-b1v4-s3gv
5
vulnerability VCID-djyw-btmk-tyc1
6
vulnerability VCID-mjty-hv8c-mbck
7
vulnerability VCID-mwbp-vuvw-mua1
8
vulnerability VCID-pvr6-v3ds-sqcr
9
vulnerability VCID-tvfr-mp56-b7f4
10
vulnerability VCID-ubwg-81j2-8yhd
11
vulnerability VCID-us7y-vvzr-2fea
12
vulnerability VCID-v735-muyq-h7hr
13
vulnerability VCID-xsmf-gtwu-1kae
14
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.2
aliases CVE-2024-39887, GHSA-2q6j-vpvr-6pvj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f3cr-98hh-qygb
24
url VCID-fuze-h6b7-p7ej
vulnerability_id VCID-fuze-h6b7-p7ej
summary 
Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.
This issue affects Apache Superset: before 2.1.2.
Users should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-42501
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27402
published_at 2026-06-11T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27605
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-42501
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-42501
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-42501
3
reference_url http://www.openwall.com/lists/oss-security/2023/11/27/3
reference_id 3
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/
url http://www.openwall.com/lists/oss-security/2023/11/27/3
4
reference_url https://github.com/advisories/GHSA-vv65-fjfj-4736
reference_id GHSA-vv65-fjfj-4736
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vv65-fjfj-4736
5
reference_url https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh
reference_id vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/
url https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh
fixed_packages
0
url pkg:pypi/apache-superset@2.1.2
purl pkg:pypi/apache-superset@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8s2r-g7nq-9qcm
7
vulnerability VCID-98eq-5ynn-2ba5
8
vulnerability VCID-c1du-my8w-3kc4
9
vulnerability VCID-czv8-b1v4-s3gv
10
vulnerability VCID-djyw-btmk-tyc1
11
vulnerability VCID-f3cr-98hh-qygb
12
vulnerability VCID-fw5g-fb97-5qgv
13
vulnerability VCID-h8px-dtx8-7ucd
14
vulnerability VCID-jbtq-unbj-nyez
15
vulnerability VCID-mjty-hv8c-mbck
16
vulnerability VCID-mwbp-vuvw-mua1
17
vulnerability VCID-pvr6-v3ds-sqcr
18
vulnerability VCID-q2f7-jq7w-vkc5
19
vulnerability VCID-rkx2-ky5w-myce
20
vulnerability VCID-ss9d-ku99-b3gf
21
vulnerability VCID-tvfr-mp56-b7f4
22
vulnerability VCID-ubwg-81j2-8yhd
23
vulnerability VCID-us7y-vvzr-2fea
24
vulnerability VCID-uxws-xum3-efgv
25
vulnerability VCID-v735-muyq-h7hr
26
vulnerability VCID-vafu-fk53-6yd4
27
vulnerability VCID-xsmf-gtwu-1kae
28
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2
aliases CVE-2023-42501, GHSA-vv65-fjfj-4736
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fuze-h6b7-p7ej
25
url VCID-fw5g-fb97-5qgv
vulnerability_id VCID-fw5g-fb97-5qgv
summary 
A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.


Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24772
reference_id
reference_type
scores
0
value 0.00575
scoring_system epss
scoring_elements 0.69333
published_at 2026-06-12T12:55:00Z
1
value 0.00575
scoring_system epss
scoring_elements 0.6924
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24772
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/28/5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/02/28/5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24772
reference_id CVE-2024-24772
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24772
4
reference_url https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5
reference_id gfl3ckwy6y9tpz9jmpv62orh2q346sn5
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T17:55:04Z/
url https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5
5
reference_url https://github.com/advisories/GHSA-m6jm-3v38-76j4
reference_id GHSA-m6jm-3v38-76j4
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m6jm-3v38-76j4
fixed_packages
0
url pkg:pypi/apache-superset@3.0.4
purl pkg:pypi/apache-superset@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4
1
url pkg:pypi/apache-superset@3.1.1
purl pkg:pypi/apache-superset@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1
aliases CVE-2024-24772, GHSA-m6jm-3v38-76j4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fw5g-fb97-5qgv
26
url VCID-ggry-wydz-j3az
vulnerability_id VCID-ggry-wydz-j3az
summary Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43718
reference_id
reference_type
scores
0
value 0.00448
scoring_system epss
scoring_elements 0.64004
published_at 2026-06-11T12:55:00Z
1
value 0.00498
scoring_system epss
scoring_elements 0.66434
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43718
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43718
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43718
3
reference_url https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r
reference_id 8615608jt2x7b3rmqrtngldy8pn3nz2r
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:05:57Z/
url https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r
4
reference_url https://github.com/advisories/GHSA-79x5-cv79-49rj
reference_id GHSA-79x5-cv79-49rj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-79x5-cv79-49rj
fixed_packages
0
url pkg:pypi/apache-superset@1.5.3
purl pkg:pypi/apache-superset@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-djyw-btmk-tyc1
17
vulnerability VCID-ew1h-9gne-ckda
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-jkea-eab6-rubm
24
vulnerability VCID-meyp-4j5x-sfbt
25
vulnerability VCID-mjty-hv8c-mbck
26
vulnerability VCID-mwbp-vuvw-mua1
27
vulnerability VCID-pvr6-v3ds-sqcr
28
vulnerability VCID-q2f7-jq7w-vkc5
29
vulnerability VCID-rkx2-ky5w-myce
30
vulnerability VCID-s7bz-64kr-9yfs
31
vulnerability VCID-ss9d-ku99-b3gf
32
vulnerability VCID-tf8b-bq3r-2fhc
33
vulnerability VCID-tvfr-mp56-b7f4
34
vulnerability VCID-ubwg-81j2-8yhd
35
vulnerability VCID-us7y-vvzr-2fea
36
vulnerability VCID-uxws-xum3-efgv
37
vulnerability VCID-v735-muyq-h7hr
38
vulnerability VCID-vafu-fk53-6yd4
39
vulnerability VCID-wgd2-ud3v-gkdw
40
vulnerability VCID-xsmf-gtwu-1kae
41
vulnerability VCID-yyh5-z2zn-h7h7
42
vulnerability VCID-yyqg-c3nw-nkdn
43
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3
1
url pkg:pypi/apache-superset@2.0.1
purl pkg:pypi/apache-superset@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-ew1h-9gne-ckda
19
vulnerability VCID-f3cr-98hh-qygb
20
vulnerability VCID-fuze-h6b7-p7ej
21
vulnerability VCID-fw5g-fb97-5qgv
22
vulnerability VCID-h8px-dtx8-7ucd
23
vulnerability VCID-jbtq-unbj-nyez
24
vulnerability VCID-jkea-eab6-rubm
25
vulnerability VCID-meyp-4j5x-sfbt
26
vulnerability VCID-mjty-hv8c-mbck
27
vulnerability VCID-mwbp-vuvw-mua1
28
vulnerability VCID-pvr6-v3ds-sqcr
29
vulnerability VCID-q2f7-jq7w-vkc5
30
vulnerability VCID-rkx2-ky5w-myce
31
vulnerability VCID-s7bz-64kr-9yfs
32
vulnerability VCID-ss9d-ku99-b3gf
33
vulnerability VCID-tf8b-bq3r-2fhc
34
vulnerability VCID-tvfr-mp56-b7f4
35
vulnerability VCID-ubwg-81j2-8yhd
36
vulnerability VCID-us7y-vvzr-2fea
37
vulnerability VCID-uxws-xum3-efgv
38
vulnerability VCID-v735-muyq-h7hr
39
vulnerability VCID-vafu-fk53-6yd4
40
vulnerability VCID-wgd2-ud3v-gkdw
41
vulnerability VCID-xsmf-gtwu-1kae
42
vulnerability VCID-yyh5-z2zn-h7h7
43
vulnerability VCID-yyqg-c3nw-nkdn
44
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1
aliases CVE-2022-43718, GHSA-79x5-cv79-49rj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggry-wydz-j3az
27
url VCID-h8px-dtx8-7ucd
vulnerability_id VCID-h8px-dtx8-7ucd
summary 
A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.

This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-26016
reference_id
reference_type
scores
0
value 0.00249
scoring_system epss
scoring_elements 0.48581
published_at 2026-06-12T12:55:00Z
1
value 0.00249
scoring_system epss
scoring_elements 0.48443
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-26016
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/28/7
reference_id 7
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/
url http://www.openwall.com/lists/oss-security/2024/02/28/7
3
reference_url https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s
reference_id 76v1jjcylgk4p3m0258qr359ook3vl8s
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/
url https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-26016
reference_id CVE-2024-26016
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-26016
5
reference_url https://github.com/advisories/GHSA-3v9r-885j-762g
reference_id GHSA-3v9r-885j-762g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3v9r-885j-762g
fixed_packages
0
url pkg:pypi/apache-superset@3.0.4
purl pkg:pypi/apache-superset@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4
1
url pkg:pypi/apache-superset@3.1.1
purl pkg:pypi/apache-superset@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1
aliases CVE-2024-26016, GHSA-3v9r-885j-762g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h8px-dtx8-7ucd
28
url VCID-hb6y-7ujs-bfe9
vulnerability_id VCID-hb6y-7ujs-bfe9
summary A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag "ALLOW_ADHOC_SUBQUERY" disabled (default value). This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41703
reference_id
reference_type
scores
0
value 0.01068
scoring_system epss
scoring_elements 0.782
published_at 2026-06-12T12:55:00Z
1
value 0.01302
scoring_system epss
scoring_elements 0.80169
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41703
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41703
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41703
3
reference_url https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos
reference_id g7jjw0okxjk5y57pbbxy19ydw42kqcos
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:32:13Z/
url https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos
4
reference_url https://github.com/advisories/GHSA-cxvp-3frm-3876
reference_id GHSA-cxvp-3frm-3876
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cxvp-3frm-3876
fixed_packages
0
url pkg:pypi/apache-superset@1.5.3
purl pkg:pypi/apache-superset@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-djyw-btmk-tyc1
17
vulnerability VCID-ew1h-9gne-ckda
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-jkea-eab6-rubm
24
vulnerability VCID-meyp-4j5x-sfbt
25
vulnerability VCID-mjty-hv8c-mbck
26
vulnerability VCID-mwbp-vuvw-mua1
27
vulnerability VCID-pvr6-v3ds-sqcr
28
vulnerability VCID-q2f7-jq7w-vkc5
29
vulnerability VCID-rkx2-ky5w-myce
30
vulnerability VCID-s7bz-64kr-9yfs
31
vulnerability VCID-ss9d-ku99-b3gf
32
vulnerability VCID-tf8b-bq3r-2fhc
33
vulnerability VCID-tvfr-mp56-b7f4
34
vulnerability VCID-ubwg-81j2-8yhd
35
vulnerability VCID-us7y-vvzr-2fea
36
vulnerability VCID-uxws-xum3-efgv
37
vulnerability VCID-v735-muyq-h7hr
38
vulnerability VCID-vafu-fk53-6yd4
39
vulnerability VCID-wgd2-ud3v-gkdw
40
vulnerability VCID-xsmf-gtwu-1kae
41
vulnerability VCID-yyh5-z2zn-h7h7
42
vulnerability VCID-yyqg-c3nw-nkdn
43
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3
1
url pkg:pypi/apache-superset@2.0.1
purl pkg:pypi/apache-superset@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-ew1h-9gne-ckda
19
vulnerability VCID-f3cr-98hh-qygb
20
vulnerability VCID-fuze-h6b7-p7ej
21
vulnerability VCID-fw5g-fb97-5qgv
22
vulnerability VCID-h8px-dtx8-7ucd
23
vulnerability VCID-jbtq-unbj-nyez
24
vulnerability VCID-jkea-eab6-rubm
25
vulnerability VCID-meyp-4j5x-sfbt
26
vulnerability VCID-mjty-hv8c-mbck
27
vulnerability VCID-mwbp-vuvw-mua1
28
vulnerability VCID-pvr6-v3ds-sqcr
29
vulnerability VCID-q2f7-jq7w-vkc5
30
vulnerability VCID-rkx2-ky5w-myce
31
vulnerability VCID-s7bz-64kr-9yfs
32
vulnerability VCID-ss9d-ku99-b3gf
33
vulnerability VCID-tf8b-bq3r-2fhc
34
vulnerability VCID-tvfr-mp56-b7f4
35
vulnerability VCID-ubwg-81j2-8yhd
36
vulnerability VCID-us7y-vvzr-2fea
37
vulnerability VCID-uxws-xum3-efgv
38
vulnerability VCID-v735-muyq-h7hr
39
vulnerability VCID-vafu-fk53-6yd4
40
vulnerability VCID-wgd2-ud3v-gkdw
41
vulnerability VCID-xsmf-gtwu-1kae
42
vulnerability VCID-yyh5-z2zn-h7h7
43
vulnerability VCID-yyqg-c3nw-nkdn
44
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1
aliases CVE-2022-41703, GHSA-cxvp-3frm-3876
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hb6y-7ujs-bfe9
29
url VCID-jbtq-unbj-nyez
vulnerability_id VCID-jbtq-unbj-nyez
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49736
reference_id
reference_type
scores
0
value 0.00496
scoring_system epss
scoring_elements 0.66233
published_at 2026-06-11T12:55:00Z
1
value 0.00496
scoring_system epss
scoring_elements 0.66328
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49736
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751
3
reference_url https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d
4
reference_url https://github.com/apache/superset/pull/25779
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/pull/25779
5
reference_url https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49736
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49736
7
reference_url http://www.openwall.com/lists/oss-security/2023/12/19/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/19/2
8
reference_url https://github.com/advisories/GHSA-jfxj-xf67-x723
reference_id GHSA-jfxj-xf67-x723
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfxj-xf67-x723
fixed_packages
0
url pkg:pypi/apache-superset@2.1.3
purl pkg:pypi/apache-superset@2.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8s2r-g7nq-9qcm
6
vulnerability VCID-czv8-b1v4-s3gv
7
vulnerability VCID-djyw-btmk-tyc1
8
vulnerability VCID-f3cr-98hh-qygb
9
vulnerability VCID-fw5g-fb97-5qgv
10
vulnerability VCID-h8px-dtx8-7ucd
11
vulnerability VCID-mjty-hv8c-mbck
12
vulnerability VCID-mwbp-vuvw-mua1
13
vulnerability VCID-pvr6-v3ds-sqcr
14
vulnerability VCID-q2f7-jq7w-vkc5
15
vulnerability VCID-rkx2-ky5w-myce
16
vulnerability VCID-tvfr-mp56-b7f4
17
vulnerability VCID-ubwg-81j2-8yhd
18
vulnerability VCID-us7y-vvzr-2fea
19
vulnerability VCID-uxws-xum3-efgv
20
vulnerability VCID-v735-muyq-h7hr
21
vulnerability VCID-vafu-fk53-6yd4
22
vulnerability VCID-xsmf-gtwu-1kae
23
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3
1
url pkg:pypi/apache-superset@3.0.2
purl pkg:pypi/apache-superset@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8s2r-g7nq-9qcm
6
vulnerability VCID-czv8-b1v4-s3gv
7
vulnerability VCID-djyw-btmk-tyc1
8
vulnerability VCID-f3cr-98hh-qygb
9
vulnerability VCID-fw5g-fb97-5qgv
10
vulnerability VCID-h8px-dtx8-7ucd
11
vulnerability VCID-mjty-hv8c-mbck
12
vulnerability VCID-mwbp-vuvw-mua1
13
vulnerability VCID-pvr6-v3ds-sqcr
14
vulnerability VCID-q2f7-jq7w-vkc5
15
vulnerability VCID-rkx2-ky5w-myce
16
vulnerability VCID-s7bz-64kr-9yfs
17
vulnerability VCID-tvfr-mp56-b7f4
18
vulnerability VCID-ubwg-81j2-8yhd
19
vulnerability VCID-us7y-vvzr-2fea
20
vulnerability VCID-uxws-xum3-efgv
21
vulnerability VCID-v735-muyq-h7hr
22
vulnerability VCID-vafu-fk53-6yd4
23
vulnerability VCID-xsmf-gtwu-1kae
24
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2
aliases CVE-2023-49736, GHSA-jfxj-xf67-x723
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jbtq-unbj-nyez
30
url VCID-jkea-eab6-rubm
vulnerability_id VCID-jkea-eab6-rubm
summary An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API. This issue affects Apache Superset version 1.3.0 up to 2.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30776
reference_id
reference_type
scores
0
value 0.00266
scoring_system epss
scoring_elements 0.50521
published_at 2026-06-12T12:55:00Z
1
value 0.00266
scoring_system epss
scoring_elements 0.50388
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30776
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30776
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30776
3
reference_url http://www.openwall.com/lists/oss-security/2023/04/24/3
reference_id 3
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:08:45Z/
url http://www.openwall.com/lists/oss-security/2023/04/24/3
4
reference_url https://github.com/advisories/GHSA-cmjc-52fg-9f7j
reference_id GHSA-cmjc-52fg-9f7j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cmjc-52fg-9f7j
5
reference_url https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz
reference_id s9w9w10mt2sngk3solwnmq5k7md53tsz
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:08:45Z/
url https://lists.apache.org/thread/s9w9w10mt2sngk3solwnmq5k7md53tsz
fixed_packages
0
url pkg:pypi/apache-superset@2.1.0
purl pkg:pypi/apache-superset@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-meyp-4j5x-sfbt
24
vulnerability VCID-mjty-hv8c-mbck
25
vulnerability VCID-mwbp-vuvw-mua1
26
vulnerability VCID-pvr6-v3ds-sqcr
27
vulnerability VCID-q2f7-jq7w-vkc5
28
vulnerability VCID-rkx2-ky5w-myce
29
vulnerability VCID-s7bz-64kr-9yfs
30
vulnerability VCID-ss9d-ku99-b3gf
31
vulnerability VCID-tf8b-bq3r-2fhc
32
vulnerability VCID-tvfr-mp56-b7f4
33
vulnerability VCID-ubwg-81j2-8yhd
34
vulnerability VCID-us7y-vvzr-2fea
35
vulnerability VCID-uxws-xum3-efgv
36
vulnerability VCID-v735-muyq-h7hr
37
vulnerability VCID-vafu-fk53-6yd4
38
vulnerability VCID-wgd2-ud3v-gkdw
39
vulnerability VCID-xsmf-gtwu-1kae
40
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0
aliases CVE-2023-30776, GHSA-cmjc-52fg-9f7j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jkea-eab6-rubm
31
url VCID-meyp-4j5x-sfbt
vulnerability_id VCID-meyp-4j5x-sfbt
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43701
reference_id
reference_type
scores
0
value 0.00237
scoring_system epss
scoring_elements 0.47068
published_at 2026-06-11T12:55:00Z
1
value 0.00237
scoring_system epss
scoring_elements 0.47209
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43701
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43701
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43701
4
reference_url https://www.openwall.com/lists/oss-security/2023/11/27/4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.openwall.com/lists/oss-security/2023/11/27/4
5
reference_url http://www.openwall.com/lists/oss-security/2023/11/27/4
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/11/27/4
6
reference_url https://github.com/advisories/GHSA-wq8q-99p5-xfrw
reference_id GHSA-wq8q-99p5-xfrw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wq8q-99p5-xfrw
fixed_packages
0
url pkg:pypi/apache-superset@2.1.2
purl pkg:pypi/apache-superset@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8s2r-g7nq-9qcm
7
vulnerability VCID-98eq-5ynn-2ba5
8
vulnerability VCID-c1du-my8w-3kc4
9
vulnerability VCID-czv8-b1v4-s3gv
10
vulnerability VCID-djyw-btmk-tyc1
11
vulnerability VCID-f3cr-98hh-qygb
12
vulnerability VCID-fw5g-fb97-5qgv
13
vulnerability VCID-h8px-dtx8-7ucd
14
vulnerability VCID-jbtq-unbj-nyez
15
vulnerability VCID-mjty-hv8c-mbck
16
vulnerability VCID-mwbp-vuvw-mua1
17
vulnerability VCID-pvr6-v3ds-sqcr
18
vulnerability VCID-q2f7-jq7w-vkc5
19
vulnerability VCID-rkx2-ky5w-myce
20
vulnerability VCID-ss9d-ku99-b3gf
21
vulnerability VCID-tvfr-mp56-b7f4
22
vulnerability VCID-ubwg-81j2-8yhd
23
vulnerability VCID-us7y-vvzr-2fea
24
vulnerability VCID-uxws-xum3-efgv
25
vulnerability VCID-v735-muyq-h7hr
26
vulnerability VCID-vafu-fk53-6yd4
27
vulnerability VCID-xsmf-gtwu-1kae
28
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2
aliases CVE-2023-43701, GHSA-wq8q-99p5-xfrw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-meyp-4j5x-sfbt
32
url VCID-mjty-hv8c-mbck
vulnerability_id VCID-mjty-hv8c-mbck
summary 
A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version.

This issue affects Apache Superset: before 5.0.0.

Users are recommended to upgrade to version 5.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55674
reference_id
reference_type
scores
0
value 0.00376
scoring_system epss
scoring_elements 0.59708
published_at 2026-06-12T12:55:00Z
1
value 0.00376
scoring_system epss
scoring_elements 0.59599
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55674
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55674
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55674
3
reference_url http://www.openwall.com/lists/oss-security/2025/08/14/5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/14/5
4
reference_url https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo
reference_id cn49ps15ny3g2b1qzdg5mj7hp47p5jdo
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:49:40Z/
url https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo
5
reference_url https://github.com/advisories/GHSA-fxgf-3xh6-m2pp
reference_id GHSA-fxgf-3xh6-m2pp
reference_type
scores
url https://github.com/advisories/GHSA-fxgf-3xh6-m2pp
fixed_packages
0
url pkg:pypi/apache-superset@5.0.0
purl pkg:pypi/apache-superset@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8bqq-wrc2-b3de
1
vulnerability VCID-tvfr-mp56-b7f4
2
vulnerability VCID-ubwg-81j2-8yhd
3
vulnerability VCID-us7y-vvzr-2fea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0
aliases CVE-2025-55674, GHSA-fxgf-3xh6-m2pp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mjty-hv8c-mbck
33
url VCID-mwbp-vuvw-mua1
vulnerability_id VCID-mwbp-vuvw-mua1
summary 
Generation of Error Message Containing analytics metadata Information in Apache Superset.

This issue affects Apache Superset: before 4.1.0.

Users are recommended to upgrade to version 4.1.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53948
reference_id
reference_type
scores
0
value 0.00172
scoring_system epss
scoring_elements 0.38466
published_at 2026-06-11T12:55:00Z
1
value 0.00172
scoring_system epss
scoring_elements 0.38639
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53948
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53948
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53948
4
reference_url http://www.openwall.com/lists/oss-security/2024/12/09/3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/12/09/3
5
reference_url https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf
reference_id 8howpf3png0wrgpls46ggk441oczlfvf
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:04:23Z/
url https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf
6
reference_url https://github.com/advisories/GHSA-2cx9-54hp-r698
reference_id GHSA-2cx9-54hp-r698
reference_type
scores
url https://github.com/advisories/GHSA-2cx9-54hp-r698
fixed_packages
0
url pkg:pypi/apache-superset@4.1.0
purl pkg:pypi/apache-superset@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqf-unav-tbfs
1
vulnerability VCID-35bq-93h8-qufg
2
vulnerability VCID-8bqq-wrc2-b3de
3
vulnerability VCID-djyw-btmk-tyc1
4
vulnerability VCID-mjty-hv8c-mbck
5
vulnerability VCID-pvr6-v3ds-sqcr
6
vulnerability VCID-tvfr-mp56-b7f4
7
vulnerability VCID-ubwg-81j2-8yhd
8
vulnerability VCID-us7y-vvzr-2fea
9
vulnerability VCID-v735-muyq-h7hr
10
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0
aliases CVE-2024-53948, GHSA-2cx9-54hp-r698
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbp-vuvw-mua1
34
url VCID-pvr6-v3ds-sqcr
vulnerability_id VCID-pvr6-v3ds-sqcr
summary 
An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.

This issue affects Apache Superset: before 4.1.2.

Users are recommended to upgrade to version 4.1.2, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-48912
reference_id
reference_type
scores
0
value 0.00335
scoring_system epss
scoring_elements 0.56872
published_at 2026-06-12T12:55:00Z
1
value 0.00335
scoring_system epss
scoring_elements 0.56751
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-48912
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-48912
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-48912
3
reference_url http://www.openwall.com/lists/oss-security/2025/05/30/3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/30/3
4
reference_url https://github.com/advisories/GHSA-8w7f-8pr9-xgwj
reference_id GHSA-8w7f-8pr9-xgwj
reference_type
scores
url https://github.com/advisories/GHSA-8w7f-8pr9-xgwj
5
reference_url https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135
reference_id ms2t2oq218hb7l628trsogo4fj7h1135
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T12:55:47Z/
url https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135
fixed_packages
0
url pkg:pypi/apache-superset@4.1.2
purl pkg:pypi/apache-superset@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqf-unav-tbfs
1
vulnerability VCID-8bqq-wrc2-b3de
2
vulnerability VCID-djyw-btmk-tyc1
3
vulnerability VCID-mjty-hv8c-mbck
4
vulnerability VCID-tvfr-mp56-b7f4
5
vulnerability VCID-ubwg-81j2-8yhd
6
vulnerability VCID-us7y-vvzr-2fea
7
vulnerability VCID-v735-muyq-h7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2
aliases CVE-2025-48912, GHSA-8w7f-8pr9-xgwj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pvr6-v3ds-sqcr
35
url VCID-q2f7-jq7w-vkc5
vulnerability_id VCID-q2f7-jq7w-vkc5
summary 
A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.

For 2.X versions, users should change their config to include:

TALISMAN_CONFIG = {
    "content_security_policy": {
        "base-uri": ["'self'"],
        "default-src": ["'self'"],
        "img-src": ["'self'", "blob:", "data:"],
        "worker-src": ["'self'", "blob:"],
        "connect-src": [
            "'self'",
            " https://api.mapbox.com" https://api.mapbox.com" ;,
            " https://events.mapbox.com" https://events.mapbox.com" ;,
        ],
        "object-src": "'none'",
        "style-src": [
            "'self'",
            "'unsafe-inline'",
        ],
        "script-src": ["'self'", "'strict-dynamic'"],
    },
    "content_security_policy_nonce_in": ["script-src"],
    "force_https": False,
    "session_cookie_secure": False,
}
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49657
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.61081
published_at 2026-06-11T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.61187
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49657
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2024/01/23/5
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2024/01/23/5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49657
reference_id CVE-2023-49657
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49657
4
reference_url https://github.com/advisories/GHSA-rwhh-6x83-84v6
reference_id GHSA-rwhh-6x83-84v6
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rwhh-6x83-84v6
5
reference_url https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx
reference_id wjyvz8om9nwd396lh0bt156mtwjxpsvx
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:03:28Z/
url https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx
fixed_packages
0
url pkg:pypi/apache-superset@3.0.3
purl pkg:pypi/apache-superset@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8s2r-g7nq-9qcm
6
vulnerability VCID-czv8-b1v4-s3gv
7
vulnerability VCID-djyw-btmk-tyc1
8
vulnerability VCID-f3cr-98hh-qygb
9
vulnerability VCID-fw5g-fb97-5qgv
10
vulnerability VCID-h8px-dtx8-7ucd
11
vulnerability VCID-mjty-hv8c-mbck
12
vulnerability VCID-mwbp-vuvw-mua1
13
vulnerability VCID-pvr6-v3ds-sqcr
14
vulnerability VCID-rkx2-ky5w-myce
15
vulnerability VCID-tvfr-mp56-b7f4
16
vulnerability VCID-ubwg-81j2-8yhd
17
vulnerability VCID-us7y-vvzr-2fea
18
vulnerability VCID-uxws-xum3-efgv
19
vulnerability VCID-v735-muyq-h7hr
20
vulnerability VCID-vafu-fk53-6yd4
21
vulnerability VCID-xsmf-gtwu-1kae
22
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.3
aliases CVE-2023-49657, GHSA-rwhh-6x83-84v6
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2f7-jq7w-vkc5
36
url VCID-rkx2-ky5w-myce
vulnerability_id VCID-rkx2-ky5w-myce
summary 
Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.

Users are recommended to upgrade to version 3.1.1, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24773
reference_id
reference_type
scores
0
value 0.0015
scoring_system epss
scoring_elements 0.35496
published_at 2026-06-12T12:55:00Z
1
value 0.0015
scoring_system epss
scoring_elements 0.35318
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24773
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/28/4
reference_id 4
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/
url http://www.openwall.com/lists/oss-security/2024/02/28/4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24773
reference_id CVE-2024-24773
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24773
4
reference_url https://github.com/advisories/GHSA-5474-f7g5-273q
reference_id GHSA-5474-f7g5-273q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5474-f7g5-273q
5
reference_url https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501
reference_id h66fy6nj41cfx07zh7l552w6dmtjh501
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/
url https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501
fixed_packages
0
url pkg:pypi/apache-superset@3.0.4
purl pkg:pypi/apache-superset@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4
1
url pkg:pypi/apache-superset@3.1.1
purl pkg:pypi/apache-superset@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1
aliases CVE-2024-24773, GHSA-5474-f7g5-273q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx2-ky5w-myce
37
url VCID-s7bz-64kr-9yfs
vulnerability_id VCID-s7bz-64kr-9yfs
summary 
Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.  
This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46104
reference_id
reference_type
scores
0
value 0.00592
scoring_system epss
scoring_elements 0.69813
published_at 2026-06-12T12:55:00Z
1
value 0.00592
scoring_system epss
scoring_elements 0.69723
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46104
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154
3
reference_url https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46104
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46104
5
reference_url http://www.openwall.com/lists/oss-security/2023/12/19/1
reference_id 1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/
url http://www.openwall.com/lists/oss-security/2023/12/19/1
6
reference_url http://www.openwall.com/lists/oss-security/2024/02/14/2
reference_id 2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/
url http://www.openwall.com/lists/oss-security/2024/02/14/2
7
reference_url http://www.openwall.com/lists/oss-security/2024/02/14/3
reference_id 3
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/
url http://www.openwall.com/lists/oss-security/2024/02/14/3
8
reference_url https://github.com/advisories/GHSA-95mg-jgfx-54v9
reference_id GHSA-95mg-jgfx-54v9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-95mg-jgfx-54v9
9
reference_url https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl
reference_id yxbxg4wryb7cb7wyybk11l5nqy0rsrvl
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/
url https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl
fixed_packages
0
url pkg:pypi/apache-superset@2.1.2
purl pkg:pypi/apache-superset@2.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8s2r-g7nq-9qcm
7
vulnerability VCID-98eq-5ynn-2ba5
8
vulnerability VCID-c1du-my8w-3kc4
9
vulnerability VCID-czv8-b1v4-s3gv
10
vulnerability VCID-djyw-btmk-tyc1
11
vulnerability VCID-f3cr-98hh-qygb
12
vulnerability VCID-fw5g-fb97-5qgv
13
vulnerability VCID-h8px-dtx8-7ucd
14
vulnerability VCID-jbtq-unbj-nyez
15
vulnerability VCID-mjty-hv8c-mbck
16
vulnerability VCID-mwbp-vuvw-mua1
17
vulnerability VCID-pvr6-v3ds-sqcr
18
vulnerability VCID-q2f7-jq7w-vkc5
19
vulnerability VCID-rkx2-ky5w-myce
20
vulnerability VCID-ss9d-ku99-b3gf
21
vulnerability VCID-tvfr-mp56-b7f4
22
vulnerability VCID-ubwg-81j2-8yhd
23
vulnerability VCID-us7y-vvzr-2fea
24
vulnerability VCID-uxws-xum3-efgv
25
vulnerability VCID-v735-muyq-h7hr
26
vulnerability VCID-vafu-fk53-6yd4
27
vulnerability VCID-xsmf-gtwu-1kae
28
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2
1
url pkg:pypi/apache-superset@3.1.0rc1
purl pkg:pypi/apache-superset@3.1.0rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.0rc1
aliases CVE-2023-46104, GHSA-95mg-jgfx-54v9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s7bz-64kr-9yfs
38
url VCID-ss9d-ku99-b3gf
vulnerability_id VCID-ss9d-ku99-b3gf
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49734
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.33845
published_at 2026-06-11T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.34022
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49734
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6
3
reference_url https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0
4
reference_url https://github.com/apache/superset/pull/25843
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/pull/25843
5
reference_url https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49734
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49734
7
reference_url http://www.openwall.com/lists/oss-security/2023/12/19/3
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/12/19/3
8
reference_url https://github.com/advisories/GHSA-g49j-j489-3xpf
reference_id GHSA-g49j-j489-3xpf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g49j-j489-3xpf
fixed_packages
0
url pkg:pypi/apache-superset@2.1.3
purl pkg:pypi/apache-superset@2.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8s2r-g7nq-9qcm
6
vulnerability VCID-czv8-b1v4-s3gv
7
vulnerability VCID-djyw-btmk-tyc1
8
vulnerability VCID-f3cr-98hh-qygb
9
vulnerability VCID-fw5g-fb97-5qgv
10
vulnerability VCID-h8px-dtx8-7ucd
11
vulnerability VCID-mjty-hv8c-mbck
12
vulnerability VCID-mwbp-vuvw-mua1
13
vulnerability VCID-pvr6-v3ds-sqcr
14
vulnerability VCID-q2f7-jq7w-vkc5
15
vulnerability VCID-rkx2-ky5w-myce
16
vulnerability VCID-tvfr-mp56-b7f4
17
vulnerability VCID-ubwg-81j2-8yhd
18
vulnerability VCID-us7y-vvzr-2fea
19
vulnerability VCID-uxws-xum3-efgv
20
vulnerability VCID-v735-muyq-h7hr
21
vulnerability VCID-vafu-fk53-6yd4
22
vulnerability VCID-xsmf-gtwu-1kae
23
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3
1
url pkg:pypi/apache-superset@3.0.2
purl pkg:pypi/apache-superset@3.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-8bqq-wrc2-b3de
5
vulnerability VCID-8s2r-g7nq-9qcm
6
vulnerability VCID-czv8-b1v4-s3gv
7
vulnerability VCID-djyw-btmk-tyc1
8
vulnerability VCID-f3cr-98hh-qygb
9
vulnerability VCID-fw5g-fb97-5qgv
10
vulnerability VCID-h8px-dtx8-7ucd
11
vulnerability VCID-mjty-hv8c-mbck
12
vulnerability VCID-mwbp-vuvw-mua1
13
vulnerability VCID-pvr6-v3ds-sqcr
14
vulnerability VCID-q2f7-jq7w-vkc5
15
vulnerability VCID-rkx2-ky5w-myce
16
vulnerability VCID-s7bz-64kr-9yfs
17
vulnerability VCID-tvfr-mp56-b7f4
18
vulnerability VCID-ubwg-81j2-8yhd
19
vulnerability VCID-us7y-vvzr-2fea
20
vulnerability VCID-uxws-xum3-efgv
21
vulnerability VCID-v735-muyq-h7hr
22
vulnerability VCID-vafu-fk53-6yd4
23
vulnerability VCID-xsmf-gtwu-1kae
24
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2
aliases CVE-2023-49734, GHSA-g49j-j489-3xpf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9d-ku99-b3gf
39
url VCID-tf8b-bq3r-2fhc
vulnerability_id VCID-tf8b-bq3r-2fhc
summary By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-39264
reference_id
reference_type
scores
0
value 0.0014
scoring_system epss
scoring_elements 0.34025
published_at 2026-06-12T12:55:00Z
1
value 0.0014
scoring_system epss
scoring_elements 0.33849
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-39264
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-39264
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-39264
3
reference_url https://github.com/advisories/GHSA-cpvx-2365-466c
reference_id GHSA-cpvx-2365-466c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-cpvx-2365-466c
4
reference_url https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75
reference_id y65t1of7hb445n86o1vdzjct7rfwlx75
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:48:40Z/
url https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75
fixed_packages
0
url pkg:pypi/apache-superset@2.1.1rc1
purl pkg:pypi/apache-superset@2.1.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-annr-p6ed-wbaz
10
vulnerability VCID-c1du-my8w-3kc4
11
vulnerability VCID-czv8-b1v4-s3gv
12
vulnerability VCID-djyw-btmk-tyc1
13
vulnerability VCID-f3cr-98hh-qygb
14
vulnerability VCID-fuze-h6b7-p7ej
15
vulnerability VCID-fw5g-fb97-5qgv
16
vulnerability VCID-h8px-dtx8-7ucd
17
vulnerability VCID-jbtq-unbj-nyez
18
vulnerability VCID-meyp-4j5x-sfbt
19
vulnerability VCID-mjty-hv8c-mbck
20
vulnerability VCID-mwbp-vuvw-mua1
21
vulnerability VCID-pvr6-v3ds-sqcr
22
vulnerability VCID-q2f7-jq7w-vkc5
23
vulnerability VCID-rkx2-ky5w-myce
24
vulnerability VCID-s7bz-64kr-9yfs
25
vulnerability VCID-ss9d-ku99-b3gf
26
vulnerability VCID-tvfr-mp56-b7f4
27
vulnerability VCID-ubwg-81j2-8yhd
28
vulnerability VCID-us7y-vvzr-2fea
29
vulnerability VCID-uxws-xum3-efgv
30
vulnerability VCID-v735-muyq-h7hr
31
vulnerability VCID-vafu-fk53-6yd4
32
vulnerability VCID-xsmf-gtwu-1kae
33
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1
1
url pkg:pypi/apache-superset@2.1.1
purl pkg:pypi/apache-superset@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-c1du-my8w-3kc4
10
vulnerability VCID-czv8-b1v4-s3gv
11
vulnerability VCID-djyw-btmk-tyc1
12
vulnerability VCID-f3cr-98hh-qygb
13
vulnerability VCID-fuze-h6b7-p7ej
14
vulnerability VCID-fw5g-fb97-5qgv
15
vulnerability VCID-h8px-dtx8-7ucd
16
vulnerability VCID-jbtq-unbj-nyez
17
vulnerability VCID-meyp-4j5x-sfbt
18
vulnerability VCID-mjty-hv8c-mbck
19
vulnerability VCID-mwbp-vuvw-mua1
20
vulnerability VCID-pvr6-v3ds-sqcr
21
vulnerability VCID-q2f7-jq7w-vkc5
22
vulnerability VCID-rkx2-ky5w-myce
23
vulnerability VCID-s7bz-64kr-9yfs
24
vulnerability VCID-ss9d-ku99-b3gf
25
vulnerability VCID-tvfr-mp56-b7f4
26
vulnerability VCID-ubwg-81j2-8yhd
27
vulnerability VCID-us7y-vvzr-2fea
28
vulnerability VCID-uxws-xum3-efgv
29
vulnerability VCID-v735-muyq-h7hr
30
vulnerability VCID-vafu-fk53-6yd4
31
vulnerability VCID-xsmf-gtwu-1kae
32
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1
aliases CVE-2023-39264, GHSA-cpvx-2365-466c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tf8b-bq3r-2fhc
40
url VCID-tvfr-mp56-b7f4
vulnerability_id VCID-tvfr-mp56-b7f4
summary 
Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.

This issue affects Apache Superset: before 6.0.0.

Users are recommended to upgrade to version 6.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23980
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12879
published_at 2026-06-12T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12784
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23980
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2026/02/24/5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/24/5
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23980
reference_id CVE-2026-23980
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23980
4
reference_url https://github.com/advisories/GHSA-gvxg-9hqx-f4rg
reference_id GHSA-gvxg-9hqx-f4rg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvxg-9hqx-f4rg
5
reference_url https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4
reference_id h4l02zw1pr2vywv0dc5zjn3grdcdhwf4
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:05:27Z/
url https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4
fixed_packages
0
url pkg:pypi/apache-superset@6.0.0
purl pkg:pypi/apache-superset@6.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0
aliases CVE-2026-23980, GHSA-gvxg-9hqx-f4rg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfr-mp56-b7f4
41
url VCID-ubwg-81j2-8yhd
vulnerability_id VCID-ubwg-81j2-8yhd
summary 
An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection.
While the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements.

This issue affects Apache Superset: before 6.0.0.

Users are recommended to upgrade to version 6.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23984
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12952
published_at 2026-06-12T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12856
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23984
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2026/02/24/8
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/24/8
3
reference_url https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26
reference_id 72cmgxtvp9pclto4ln1chbs1227nwd26
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:51:19Z/
url https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23984
reference_id CVE-2026-23984
reference_type
scores
0
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23984
5
reference_url https://github.com/advisories/GHSA-mwf2-qr4v-94h2
reference_id GHSA-mwf2-qr4v-94h2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mwf2-qr4v-94h2
fixed_packages
0
url pkg:pypi/apache-superset@6.0.0
purl pkg:pypi/apache-superset@6.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0
aliases CVE-2026-23984, GHSA-mwf2-qr4v-94h2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ubwg-81j2-8yhd
42
url VCID-us7y-vvzr-2fea
vulnerability_id VCID-us7y-vvzr-2fea
summary 
A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag.
When these associated objects include Users, the API response improperly serializes and returns sensitive fields, including password hashes (pbkdf2), email addresses, and login statistics. This vulnerability allows authenticated users with low privileges (e.g., Gamma role) to view sensitive authentication data 

This issue affects Apache Superset: before 6.0.0.

Users are recommended to upgrade to version 6.0.0, which fixes the issue or make sure TAGGING_SYSTEM is False (Apache Superset current default)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-23983
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17696
published_at 2026-06-12T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17536
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-23983
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2026/02/24/7
reference_id
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/02/24/7
3
reference_url https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww
reference_id 62mgbc5hc8026skp69kb6vqozj3pr5ww
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:46:54Z/
url https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-23983
reference_id CVE-2026-23983
reference_type
scores
0
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-23983
5
reference_url https://github.com/advisories/GHSA-h294-8fxm-m2pj
reference_id GHSA-h294-8fxm-m2pj
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h294-8fxm-m2pj
fixed_packages
0
url pkg:pypi/apache-superset@6.0.0
purl pkg:pypi/apache-superset@6.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0
aliases CVE-2026-23983, GHSA-h294-8fxm-m2pj
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-us7y-vvzr-2fea
43
url VCID-uxws-xum3-efgv
vulnerability_id VCID-uxws-xum3-efgv
summary 
Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.
This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.

Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-24779
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32432
published_at 2026-06-11T12:55:00Z
1
value 0.00133
scoring_system epss
scoring_elements 0.32612
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-24779
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2024/02/28/6
reference_id 6
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/
url http://www.openwall.com/lists/oss-security/2024/02/28/6
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-24779
reference_id CVE-2024-24779
reference_type
scores
0
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-24779
4
reference_url https://github.com/advisories/GHSA-wr6g-9wcr-cmqj
reference_id GHSA-wr6g-9wcr-cmqj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wr6g-9wcr-cmqj
5
reference_url https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq
reference_id xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq
reference_type
scores
0
value 5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
1
value 5.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/
url https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq
fixed_packages
0
url pkg:pypi/apache-superset@3.0.4
purl pkg:pypi/apache-superset@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4
1
url pkg:pypi/apache-superset@3.1.1
purl pkg:pypi/apache-superset@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-8s2r-g7nq-9qcm
5
vulnerability VCID-czv8-b1v4-s3gv
6
vulnerability VCID-djyw-btmk-tyc1
7
vulnerability VCID-f3cr-98hh-qygb
8
vulnerability VCID-mjty-hv8c-mbck
9
vulnerability VCID-mwbp-vuvw-mua1
10
vulnerability VCID-pvr6-v3ds-sqcr
11
vulnerability VCID-tvfr-mp56-b7f4
12
vulnerability VCID-ubwg-81j2-8yhd
13
vulnerability VCID-us7y-vvzr-2fea
14
vulnerability VCID-v735-muyq-h7hr
15
vulnerability VCID-vafu-fk53-6yd4
16
vulnerability VCID-xsmf-gtwu-1kae
17
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1
aliases CVE-2024-24779, GHSA-wr6g-9wcr-cmqj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uxws-xum3-efgv
44
url VCID-uyy9-mrk5-fbhd
vulnerability_id VCID-uyy9-mrk5-fbhd
summary An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43721
reference_id
reference_type
scores
0
value 0.00651
scoring_system epss
scoring_elements 0.71365
published_at 2026-06-11T12:55:00Z
1
value 0.00724
scoring_system epss
scoring_elements 0.73092
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43721
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43721
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43721
3
reference_url https://github.com/advisories/GHSA-fcg4-pm6h-9xx2
reference_id GHSA-fcg4-pm6h-9xx2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fcg4-pm6h-9xx2
4
reference_url https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg
reference_id s6sqt5jmcv6qxtvdot1t5tpt57v439kg
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:00:49Z/
url https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg
fixed_packages
0
url pkg:pypi/apache-superset@1.5.3
purl pkg:pypi/apache-superset@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-djyw-btmk-tyc1
17
vulnerability VCID-ew1h-9gne-ckda
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-jkea-eab6-rubm
24
vulnerability VCID-meyp-4j5x-sfbt
25
vulnerability VCID-mjty-hv8c-mbck
26
vulnerability VCID-mwbp-vuvw-mua1
27
vulnerability VCID-pvr6-v3ds-sqcr
28
vulnerability VCID-q2f7-jq7w-vkc5
29
vulnerability VCID-rkx2-ky5w-myce
30
vulnerability VCID-s7bz-64kr-9yfs
31
vulnerability VCID-ss9d-ku99-b3gf
32
vulnerability VCID-tf8b-bq3r-2fhc
33
vulnerability VCID-tvfr-mp56-b7f4
34
vulnerability VCID-ubwg-81j2-8yhd
35
vulnerability VCID-us7y-vvzr-2fea
36
vulnerability VCID-uxws-xum3-efgv
37
vulnerability VCID-v735-muyq-h7hr
38
vulnerability VCID-vafu-fk53-6yd4
39
vulnerability VCID-wgd2-ud3v-gkdw
40
vulnerability VCID-xsmf-gtwu-1kae
41
vulnerability VCID-yyh5-z2zn-h7h7
42
vulnerability VCID-yyqg-c3nw-nkdn
43
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3
1
url pkg:pypi/apache-superset@2.0.1
purl pkg:pypi/apache-superset@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-ew1h-9gne-ckda
19
vulnerability VCID-f3cr-98hh-qygb
20
vulnerability VCID-fuze-h6b7-p7ej
21
vulnerability VCID-fw5g-fb97-5qgv
22
vulnerability VCID-h8px-dtx8-7ucd
23
vulnerability VCID-jbtq-unbj-nyez
24
vulnerability VCID-jkea-eab6-rubm
25
vulnerability VCID-meyp-4j5x-sfbt
26
vulnerability VCID-mjty-hv8c-mbck
27
vulnerability VCID-mwbp-vuvw-mua1
28
vulnerability VCID-pvr6-v3ds-sqcr
29
vulnerability VCID-q2f7-jq7w-vkc5
30
vulnerability VCID-rkx2-ky5w-myce
31
vulnerability VCID-s7bz-64kr-9yfs
32
vulnerability VCID-ss9d-ku99-b3gf
33
vulnerability VCID-tf8b-bq3r-2fhc
34
vulnerability VCID-tvfr-mp56-b7f4
35
vulnerability VCID-ubwg-81j2-8yhd
36
vulnerability VCID-us7y-vvzr-2fea
37
vulnerability VCID-uxws-xum3-efgv
38
vulnerability VCID-v735-muyq-h7hr
39
vulnerability VCID-vafu-fk53-6yd4
40
vulnerability VCID-wgd2-ud3v-gkdw
41
vulnerability VCID-xsmf-gtwu-1kae
42
vulnerability VCID-yyh5-z2zn-h7h7
43
vulnerability VCID-yyqg-c3nw-nkdn
44
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1
aliases CVE-2022-43721, GHSA-fcg4-pm6h-9xx2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uyy9-mrk5-fbhd
45
url VCID-v735-muyq-h7hr
vulnerability_id VCID-v735-muyq-h7hr
summary 
A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.

This issue affects Apache Superset: before 5.0.0.

Users are recommended to upgrade to version 5.0.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-55672
reference_id
reference_type
scores
0
value 0.00217
scoring_system epss
scoring_elements 0.44469
published_at 2026-06-12T12:55:00Z
1
value 0.00217
scoring_system epss
scoring_elements 0.44316
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-55672
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-55672
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-55672
3
reference_url http://www.openwall.com/lists/oss-security/2025/08/14/4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/08/14/4
4
reference_url https://github.com/advisories/GHSA-fj97-2v9x-w5m4
reference_id GHSA-fj97-2v9x-w5m4
reference_type
scores
url https://github.com/advisories/GHSA-fj97-2v9x-w5m4
5
reference_url https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj
reference_id rvh7fdjfzxzjhcfwoz7twc2brhvochdj
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:52:16Z/
url https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj
fixed_packages
0
url pkg:pypi/apache-superset@5.0.0
purl pkg:pypi/apache-superset@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8bqq-wrc2-b3de
1
vulnerability VCID-tvfr-mp56-b7f4
2
vulnerability VCID-ubwg-81j2-8yhd
3
vulnerability VCID-us7y-vvzr-2fea
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0
aliases CVE-2025-55672, GHSA-fj97-2v9x-w5m4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v735-muyq-h7hr
46
url VCID-vafu-fk53-6yd4
vulnerability_id VCID-vafu-fk53-6yd4
summary 
Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table.This issue affects Apache Superset: before 3.1.3 and version 4.0.0

Users are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34693
reference_id
reference_type
scores
0
value 0.12622
scoring_system epss
scoring_elements 0.94143
published_at 2026-06-12T12:55:00Z
1
value 0.12622
scoring_system epss
scoring_elements 0.94122
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34693
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url http://www.openwall.com/lists/oss-security/2024/06/20/1
reference_id 1
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/
url http://www.openwall.com/lists/oss-security/2024/06/20/1
3
reference_url https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon
reference_id 1803x1s34m7r71h1k0q1njol8k6fmyon
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/
url https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34693
reference_id CVE-2024-34693
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34693
5
reference_url https://github.com/advisories/GHSA-hcr7-cqwc-q5gq
reference_id GHSA-hcr7-cqwc-q5gq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hcr7-cqwc-q5gq
fixed_packages
0
url pkg:pypi/apache-superset@3.1.3
purl pkg:pypi/apache-superset@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-czv8-b1v4-s3gv
5
vulnerability VCID-djyw-btmk-tyc1
6
vulnerability VCID-f3cr-98hh-qygb
7
vulnerability VCID-mjty-hv8c-mbck
8
vulnerability VCID-mwbp-vuvw-mua1
9
vulnerability VCID-pvr6-v3ds-sqcr
10
vulnerability VCID-tvfr-mp56-b7f4
11
vulnerability VCID-ubwg-81j2-8yhd
12
vulnerability VCID-us7y-vvzr-2fea
13
vulnerability VCID-v735-muyq-h7hr
14
vulnerability VCID-xsmf-gtwu-1kae
15
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.3
1
url pkg:pypi/apache-superset@4.0.1
purl pkg:pypi/apache-superset@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1gqt-cpea-b7ht
1
vulnerability VCID-2bqf-unav-tbfs
2
vulnerability VCID-35bq-93h8-qufg
3
vulnerability VCID-8bqq-wrc2-b3de
4
vulnerability VCID-czv8-b1v4-s3gv
5
vulnerability VCID-djyw-btmk-tyc1
6
vulnerability VCID-f3cr-98hh-qygb
7
vulnerability VCID-mjty-hv8c-mbck
8
vulnerability VCID-mwbp-vuvw-mua1
9
vulnerability VCID-pvr6-v3ds-sqcr
10
vulnerability VCID-tvfr-mp56-b7f4
11
vulnerability VCID-ubwg-81j2-8yhd
12
vulnerability VCID-us7y-vvzr-2fea
13
vulnerability VCID-v735-muyq-h7hr
14
vulnerability VCID-xsmf-gtwu-1kae
15
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.1
aliases CVE-2024-34693, GHSA-hcr7-cqwc-q5gq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vafu-fk53-6yd4
47
url VCID-w4pb-uqe1-27cv
vulnerability_id VCID-w4pb-uqe1-27cv
summary Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-43719
reference_id
reference_type
scores
0
value 0.00456
scoring_system epss
scoring_elements 0.64305
published_at 2026-06-11T12:55:00Z
1
value 0.01528
scoring_system epss
scoring_elements 0.81764
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-43719
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-43719
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-43719
3
reference_url https://github.com/advisories/GHSA-7222-r37x-8q3m
reference_id GHSA-7222-r37x-8q3m
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7222-r37x-8q3m
4
reference_url https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0
reference_id xc309h2dphrkg33154djf3nqlh2xc1c0
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-07T15:03:55Z/
url https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0
fixed_packages
0
url pkg:pypi/apache-superset@1.5.3
purl pkg:pypi/apache-superset@1.5.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-djyw-btmk-tyc1
17
vulnerability VCID-ew1h-9gne-ckda
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-jkea-eab6-rubm
24
vulnerability VCID-meyp-4j5x-sfbt
25
vulnerability VCID-mjty-hv8c-mbck
26
vulnerability VCID-mwbp-vuvw-mua1
27
vulnerability VCID-pvr6-v3ds-sqcr
28
vulnerability VCID-q2f7-jq7w-vkc5
29
vulnerability VCID-rkx2-ky5w-myce
30
vulnerability VCID-s7bz-64kr-9yfs
31
vulnerability VCID-ss9d-ku99-b3gf
32
vulnerability VCID-tf8b-bq3r-2fhc
33
vulnerability VCID-tvfr-mp56-b7f4
34
vulnerability VCID-ubwg-81j2-8yhd
35
vulnerability VCID-us7y-vvzr-2fea
36
vulnerability VCID-uxws-xum3-efgv
37
vulnerability VCID-v735-muyq-h7hr
38
vulnerability VCID-vafu-fk53-6yd4
39
vulnerability VCID-wgd2-ud3v-gkdw
40
vulnerability VCID-xsmf-gtwu-1kae
41
vulnerability VCID-yyh5-z2zn-h7h7
42
vulnerability VCID-yyqg-c3nw-nkdn
43
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3
1
url pkg:pypi/apache-superset@2.0.1
purl pkg:pypi/apache-superset@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-ew1h-9gne-ckda
19
vulnerability VCID-f3cr-98hh-qygb
20
vulnerability VCID-fuze-h6b7-p7ej
21
vulnerability VCID-fw5g-fb97-5qgv
22
vulnerability VCID-h8px-dtx8-7ucd
23
vulnerability VCID-jbtq-unbj-nyez
24
vulnerability VCID-jkea-eab6-rubm
25
vulnerability VCID-meyp-4j5x-sfbt
26
vulnerability VCID-mjty-hv8c-mbck
27
vulnerability VCID-mwbp-vuvw-mua1
28
vulnerability VCID-pvr6-v3ds-sqcr
29
vulnerability VCID-q2f7-jq7w-vkc5
30
vulnerability VCID-rkx2-ky5w-myce
31
vulnerability VCID-s7bz-64kr-9yfs
32
vulnerability VCID-ss9d-ku99-b3gf
33
vulnerability VCID-tf8b-bq3r-2fhc
34
vulnerability VCID-tvfr-mp56-b7f4
35
vulnerability VCID-ubwg-81j2-8yhd
36
vulnerability VCID-us7y-vvzr-2fea
37
vulnerability VCID-uxws-xum3-efgv
38
vulnerability VCID-v735-muyq-h7hr
39
vulnerability VCID-vafu-fk53-6yd4
40
vulnerability VCID-wgd2-ud3v-gkdw
41
vulnerability VCID-xsmf-gtwu-1kae
42
vulnerability VCID-yyh5-z2zn-h7h7
43
vulnerability VCID-yyqg-c3nw-nkdn
44
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1
aliases CVE-2022-43719, GHSA-7222-r37x-8q3m
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pb-uqe1-27cv
48
url VCID-wgd2-ud3v-gkdw
vulnerability_id VCID-wgd2-ud3v-gkdw
summary An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-32672
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.38662
published_at 2026-06-12T12:55:00Z
1
value 0.00173
scoring_system epss
scoring_elements 0.38488
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-32672
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-32672
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-32672
3
reference_url https://github.com/advisories/GHSA-95ch-p3gw-23qg
reference_id GHSA-95ch-p3gw-23qg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-95ch-p3gw-23qg
4
reference_url https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp
reference_id ococ6nlj80f0okkwfwpjczy3q84j3wkp
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:46:32Z/
url https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp
fixed_packages
0
url pkg:pypi/apache-superset@2.1.1rc1
purl pkg:pypi/apache-superset@2.1.1rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-annr-p6ed-wbaz
10
vulnerability VCID-c1du-my8w-3kc4
11
vulnerability VCID-czv8-b1v4-s3gv
12
vulnerability VCID-djyw-btmk-tyc1
13
vulnerability VCID-f3cr-98hh-qygb
14
vulnerability VCID-fuze-h6b7-p7ej
15
vulnerability VCID-fw5g-fb97-5qgv
16
vulnerability VCID-h8px-dtx8-7ucd
17
vulnerability VCID-jbtq-unbj-nyez
18
vulnerability VCID-meyp-4j5x-sfbt
19
vulnerability VCID-mjty-hv8c-mbck
20
vulnerability VCID-mwbp-vuvw-mua1
21
vulnerability VCID-pvr6-v3ds-sqcr
22
vulnerability VCID-q2f7-jq7w-vkc5
23
vulnerability VCID-rkx2-ky5w-myce
24
vulnerability VCID-s7bz-64kr-9yfs
25
vulnerability VCID-ss9d-ku99-b3gf
26
vulnerability VCID-tvfr-mp56-b7f4
27
vulnerability VCID-ubwg-81j2-8yhd
28
vulnerability VCID-us7y-vvzr-2fea
29
vulnerability VCID-uxws-xum3-efgv
30
vulnerability VCID-v735-muyq-h7hr
31
vulnerability VCID-vafu-fk53-6yd4
32
vulnerability VCID-xsmf-gtwu-1kae
33
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1
1
url pkg:pypi/apache-superset@2.1.1
purl pkg:pypi/apache-superset@2.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-4axb-e4nm-3fcy
5
vulnerability VCID-8bqq-wrc2-b3de
6
vulnerability VCID-8qnw-zrab-y3ac
7
vulnerability VCID-8s2r-g7nq-9qcm
8
vulnerability VCID-98eq-5ynn-2ba5
9
vulnerability VCID-c1du-my8w-3kc4
10
vulnerability VCID-czv8-b1v4-s3gv
11
vulnerability VCID-djyw-btmk-tyc1
12
vulnerability VCID-f3cr-98hh-qygb
13
vulnerability VCID-fuze-h6b7-p7ej
14
vulnerability VCID-fw5g-fb97-5qgv
15
vulnerability VCID-h8px-dtx8-7ucd
16
vulnerability VCID-jbtq-unbj-nyez
17
vulnerability VCID-meyp-4j5x-sfbt
18
vulnerability VCID-mjty-hv8c-mbck
19
vulnerability VCID-mwbp-vuvw-mua1
20
vulnerability VCID-pvr6-v3ds-sqcr
21
vulnerability VCID-q2f7-jq7w-vkc5
22
vulnerability VCID-rkx2-ky5w-myce
23
vulnerability VCID-s7bz-64kr-9yfs
24
vulnerability VCID-ss9d-ku99-b3gf
25
vulnerability VCID-tvfr-mp56-b7f4
26
vulnerability VCID-ubwg-81j2-8yhd
27
vulnerability VCID-us7y-vvzr-2fea
28
vulnerability VCID-uxws-xum3-efgv
29
vulnerability VCID-v735-muyq-h7hr
30
vulnerability VCID-vafu-fk53-6yd4
31
vulnerability VCID-xsmf-gtwu-1kae
32
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1
aliases CVE-2023-32672, GHSA-95ch-p3gw-23qg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgd2-ud3v-gkdw
49
url VCID-xsmf-gtwu-1kae
vulnerability_id VCID-xsmf-gtwu-1kae
summary 
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.

This issue affects Apache Superset: <4.1.0.

Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53947
reference_id
reference_type
scores
0
value 0.00399
scoring_system epss
scoring_elements 0.61214
published_at 2026-06-12T12:55:00Z
1
value 0.00399
scoring_system epss
scoring_elements 0.61108
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53947
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53947
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53947
4
reference_url https://github.com/advisories/GHSA-92qf-8gh3-gwcm
reference_id GHSA-92qf-8gh3-gwcm
reference_type
scores
url https://github.com/advisories/GHSA-92qf-8gh3-gwcm
5
reference_url https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn
reference_id hj3gfsjh67vqw12nlrshlsym4bkopjmn
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 2.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:05:04Z/
url https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn
fixed_packages
0
url pkg:pypi/apache-superset@4.1.0
purl pkg:pypi/apache-superset@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqf-unav-tbfs
1
vulnerability VCID-35bq-93h8-qufg
2
vulnerability VCID-8bqq-wrc2-b3de
3
vulnerability VCID-djyw-btmk-tyc1
4
vulnerability VCID-mjty-hv8c-mbck
5
vulnerability VCID-pvr6-v3ds-sqcr
6
vulnerability VCID-tvfr-mp56-b7f4
7
vulnerability VCID-ubwg-81j2-8yhd
8
vulnerability VCID-us7y-vvzr-2fea
9
vulnerability VCID-v735-muyq-h7hr
10
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0
aliases CVE-2024-53947, GHSA-92qf-8gh3-gwcm
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsmf-gtwu-1kae
50
url VCID-yyh5-z2zn-h7h7
vulnerability_id VCID-yyh5-z2zn-h7h7
summary 
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.

All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database.
Add a strong SECRET_KEY to your `superset_config.py` file like:

SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>

Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-27524
reference_id
reference_type
scores
0
value 0.84026
scoring_system epss
scoring_elements 0.99323
published_at 2026-06-11T12:55:00Z
1
value 0.84026
scoring_system epss
scoring_elements 0.99326
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-27524
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-27524
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-27524
4
reference_url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27524
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27524
5
reference_url http://www.openwall.com/lists/oss-security/2023/04/24/2
reference_id
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2023/04/24/2
6
reference_url https://www.openwall.com/lists/oss-security/2023/04/24/2
reference_id 2
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/
url https://www.openwall.com/lists/oss-security/2023/04/24/2
7
reference_url https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
reference_id Apache-Superset-2.0.0-Authentication-Bypass.html
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/
url https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html
8
reference_url https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
reference_id Apache-Superset-2.0.0-Remote-Code-Execution.html
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/
url https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html
9
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51447.py
reference_id CVE-2023-27524
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51447.py
10
reference_url https://github.com/advisories/GHSA-5cx2-vq3h-x52c
reference_id GHSA-5cx2-vq3h-x52c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cx2-vq3h-x52c
11
reference_url https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
reference_id n0ftx60sllf527j7g11kmt24wvof8xyk
reference_type
scores
0
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H
1
value 8.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Attend
scoring_system ssvc
scoring_elements SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/
url https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk
fixed_packages
0
url pkg:pypi/apache-superset@2.1.0
purl pkg:pypi/apache-superset@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-meyp-4j5x-sfbt
24
vulnerability VCID-mjty-hv8c-mbck
25
vulnerability VCID-mwbp-vuvw-mua1
26
vulnerability VCID-pvr6-v3ds-sqcr
27
vulnerability VCID-q2f7-jq7w-vkc5
28
vulnerability VCID-rkx2-ky5w-myce
29
vulnerability VCID-s7bz-64kr-9yfs
30
vulnerability VCID-ss9d-ku99-b3gf
31
vulnerability VCID-tf8b-bq3r-2fhc
32
vulnerability VCID-tvfr-mp56-b7f4
33
vulnerability VCID-ubwg-81j2-8yhd
34
vulnerability VCID-us7y-vvzr-2fea
35
vulnerability VCID-uxws-xum3-efgv
36
vulnerability VCID-v735-muyq-h7hr
37
vulnerability VCID-vafu-fk53-6yd4
38
vulnerability VCID-wgd2-ud3v-gkdw
39
vulnerability VCID-xsmf-gtwu-1kae
40
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0
aliases CVE-2023-27524, GHSA-5cx2-vq3h-x52c
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyh5-z2zn-h7h7
51
url VCID-yyqg-c3nw-nkdn
vulnerability_id VCID-yyqg-c3nw-nkdn
summary 
A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery
attacks and query internal resources on behalf of the server where Superset
is deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25504
reference_id
reference_type
scores
0
value 0.00159
scoring_system epss
scoring_elements 0.36717
published_at 2026-06-12T12:55:00Z
1
value 0.00159
scoring_system epss
scoring_elements 0.36538
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25504
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25504
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-25504
3
reference_url http://www.openwall.com/lists/oss-security/2023/04/18/8
reference_id 8
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:07:39Z/
url http://www.openwall.com/lists/oss-security/2023/04/18/8
4
reference_url https://github.com/advisories/GHSA-fxjg-28fm-pfxh
reference_id GHSA-fxjg-28fm-pfxh
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fxjg-28fm-pfxh
5
reference_url https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx
reference_id tdnzkocfsqg2sbbornnp9g492fn4zhtx
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:07:39Z/
url https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx
fixed_packages
0
url pkg:pypi/apache-superset@2.1.0
purl pkg:pypi/apache-superset@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-35bq-93h8-qufg
4
vulnerability VCID-3aw6-59a3-eba8
5
vulnerability VCID-4axb-e4nm-3fcy
6
vulnerability VCID-58d5-z1y6-qffj
7
vulnerability VCID-5m3g-6uya-1fe3
8
vulnerability VCID-6brk-rjs7-67he
9
vulnerability VCID-8bqq-wrc2-b3de
10
vulnerability VCID-8qnw-zrab-y3ac
11
vulnerability VCID-8s2r-g7nq-9qcm
12
vulnerability VCID-98eq-5ynn-2ba5
13
vulnerability VCID-9wan-6z96-uudu
14
vulnerability VCID-annr-p6ed-wbaz
15
vulnerability VCID-c1du-my8w-3kc4
16
vulnerability VCID-czv8-b1v4-s3gv
17
vulnerability VCID-djyw-btmk-tyc1
18
vulnerability VCID-f3cr-98hh-qygb
19
vulnerability VCID-fuze-h6b7-p7ej
20
vulnerability VCID-fw5g-fb97-5qgv
21
vulnerability VCID-h8px-dtx8-7ucd
22
vulnerability VCID-jbtq-unbj-nyez
23
vulnerability VCID-meyp-4j5x-sfbt
24
vulnerability VCID-mjty-hv8c-mbck
25
vulnerability VCID-mwbp-vuvw-mua1
26
vulnerability VCID-pvr6-v3ds-sqcr
27
vulnerability VCID-q2f7-jq7w-vkc5
28
vulnerability VCID-rkx2-ky5w-myce
29
vulnerability VCID-s7bz-64kr-9yfs
30
vulnerability VCID-ss9d-ku99-b3gf
31
vulnerability VCID-tf8b-bq3r-2fhc
32
vulnerability VCID-tvfr-mp56-b7f4
33
vulnerability VCID-ubwg-81j2-8yhd
34
vulnerability VCID-us7y-vvzr-2fea
35
vulnerability VCID-uxws-xum3-efgv
36
vulnerability VCID-v735-muyq-h7hr
37
vulnerability VCID-vafu-fk53-6yd4
38
vulnerability VCID-wgd2-ud3v-gkdw
39
vulnerability VCID-xsmf-gtwu-1kae
40
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0
aliases CVE-2023-25504, GHSA-fxjg-28fm-pfxh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyqg-c3nw-nkdn
52
url VCID-zvzt-19xv-6ubd
vulnerability_id VCID-zvzt-19xv-6ubd
summary 
Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.

This issue affects Apache Superset: through 4.1.1.

Users are recommended to upgrade to version 4.1.2 or above, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27696
reference_id
reference_type
scores
0
value 0.00079
scoring_system epss
scoring_elements 0.23681
published_at 2026-06-12T12:55:00Z
1
value 0.00079
scoring_system epss
scoring_elements 0.23484
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27696
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27696
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27696
4
reference_url http://www.openwall.com/lists/oss-security/2025/05/12/3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2025/05/12/3
5
reference_url https://github.com/advisories/GHSA-w6c7-j32f-rq8j
reference_id GHSA-w6c7-j32f-rq8j
reference_type
scores
url https://github.com/advisories/GHSA-w6c7-j32f-rq8j
6
reference_url https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413
reference_id k2od03bxnxs6vcp80sr03ywcxl194413
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T13:15:33Z/
url https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413
fixed_packages
0
url pkg:pypi/apache-superset@4.1.2
purl pkg:pypi/apache-superset@4.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2bqf-unav-tbfs
1
vulnerability VCID-8bqq-wrc2-b3de
2
vulnerability VCID-djyw-btmk-tyc1
3
vulnerability VCID-mjty-hv8c-mbck
4
vulnerability VCID-tvfr-mp56-b7f4
5
vulnerability VCID-ubwg-81j2-8yhd
6
vulnerability VCID-us7y-vvzr-2fea
7
vulnerability VCID-v735-muyq-h7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2
aliases CVE-2025-27696, GHSA-w6c7-j32f-rq8j
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zvzt-19xv-6ubd
Fixing_vulnerabilities
0
url VCID-4zgy-r2br-37hy
vulnerability_id VCID-4zgy-r2br-37hy
summary Apache Superset allowed for database connections password leak for authenticated users
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-41972
reference_id
reference_type
scores
0
value 0.00234
scoring_system epss
scoring_elements 0.46445
published_at 2026-06-11T12:55:00Z
1
value 0.00234
scoring_system epss
scoring_elements 0.4659
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-41972
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-434.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-434.yaml
3
reference_url https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v
4
reference_url https://seclists.org/oss-sec/2021/q4/106
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/oss-sec/2021/q4/106
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-41972
reference_id CVE-2021-41972
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-41972
6
reference_url https://github.com/advisories/GHSA-42q4-9xf9-f67x
reference_id GHSA-42q4-9xf9-f67x
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-42q4-9xf9-f67x
fixed_packages
0
url pkg:pypi/apache-superset@1.3.2
purl pkg:pypi/apache-superset@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-2npv-nu15-6uee
4
vulnerability VCID-35bq-93h8-qufg
5
vulnerability VCID-3aw6-59a3-eba8
6
vulnerability VCID-3q94-rkzw-q7bb
7
vulnerability VCID-3sh2-fv5f-jkh5
8
vulnerability VCID-46y8-wuk7-hfad
9
vulnerability VCID-4axb-e4nm-3fcy
10
vulnerability VCID-58d5-z1y6-qffj
11
vulnerability VCID-5m3g-6uya-1fe3
12
vulnerability VCID-6brk-rjs7-67he
13
vulnerability VCID-8bqq-wrc2-b3de
14
vulnerability VCID-8qnw-zrab-y3ac
15
vulnerability VCID-8s2r-g7nq-9qcm
16
vulnerability VCID-98eq-5ynn-2ba5
17
vulnerability VCID-9wan-6z96-uudu
18
vulnerability VCID-au4r-bwjy-rbdw
19
vulnerability VCID-c1du-my8w-3kc4
20
vulnerability VCID-cmt6-zps1-1yaa
21
vulnerability VCID-djyw-btmk-tyc1
22
vulnerability VCID-ew1h-9gne-ckda
23
vulnerability VCID-f3cr-98hh-qygb
24
vulnerability VCID-fuze-h6b7-p7ej
25
vulnerability VCID-fw5g-fb97-5qgv
26
vulnerability VCID-ggry-wydz-j3az
27
vulnerability VCID-h8px-dtx8-7ucd
28
vulnerability VCID-hb6y-7ujs-bfe9
29
vulnerability VCID-jbtq-unbj-nyez
30
vulnerability VCID-jkea-eab6-rubm
31
vulnerability VCID-meyp-4j5x-sfbt
32
vulnerability VCID-mjty-hv8c-mbck
33
vulnerability VCID-mwbp-vuvw-mua1
34
vulnerability VCID-pvr6-v3ds-sqcr
35
vulnerability VCID-q2f7-jq7w-vkc5
36
vulnerability VCID-rkx2-ky5w-myce
37
vulnerability VCID-s7bz-64kr-9yfs
38
vulnerability VCID-ss9d-ku99-b3gf
39
vulnerability VCID-tf8b-bq3r-2fhc
40
vulnerability VCID-tvfr-mp56-b7f4
41
vulnerability VCID-ubwg-81j2-8yhd
42
vulnerability VCID-us7y-vvzr-2fea
43
vulnerability VCID-uxws-xum3-efgv
44
vulnerability VCID-uyy9-mrk5-fbhd
45
vulnerability VCID-v735-muyq-h7hr
46
vulnerability VCID-vafu-fk53-6yd4
47
vulnerability VCID-w4pb-uqe1-27cv
48
vulnerability VCID-wgd2-ud3v-gkdw
49
vulnerability VCID-xsmf-gtwu-1kae
50
vulnerability VCID-yyh5-z2zn-h7h7
51
vulnerability VCID-yyqg-c3nw-nkdn
52
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.3.2
aliases BIT-superset-2021-41972, CVE-2021-41972, GHSA-42q4-9xf9-f67x, PYSEC-2021-434
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4zgy-r2br-37hy
1
url VCID-7zqa-ny6m-kqfw
vulnerability_id VCID-7zqa-ny6m-kqfw
summary Improper Encoding or Escaping of Output in Apache Superset
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-42250
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61551
published_at 2026-06-11T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.61654
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-42250
1
reference_url https://github.com/apache/superset
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/superset
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-435.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-435.yaml
3
reference_url https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9
4
reference_url http://www.openwall.com/lists/oss-security/2021/11/17/2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2021/11/17/2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-42250
reference_id CVE-2021-42250
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-42250
6
reference_url https://github.com/advisories/GHSA-5fp8-c45m-256p
reference_id GHSA-5fp8-c45m-256p
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-5fp8-c45m-256p
fixed_packages
0
url pkg:pypi/apache-superset@1.3.2
purl pkg:pypi/apache-superset@1.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-19em-abzu-5bd5
1
vulnerability VCID-1gqt-cpea-b7ht
2
vulnerability VCID-2bqf-unav-tbfs
3
vulnerability VCID-2npv-nu15-6uee
4
vulnerability VCID-35bq-93h8-qufg
5
vulnerability VCID-3aw6-59a3-eba8
6
vulnerability VCID-3q94-rkzw-q7bb
7
vulnerability VCID-3sh2-fv5f-jkh5
8
vulnerability VCID-46y8-wuk7-hfad
9
vulnerability VCID-4axb-e4nm-3fcy
10
vulnerability VCID-58d5-z1y6-qffj
11
vulnerability VCID-5m3g-6uya-1fe3
12
vulnerability VCID-6brk-rjs7-67he
13
vulnerability VCID-8bqq-wrc2-b3de
14
vulnerability VCID-8qnw-zrab-y3ac
15
vulnerability VCID-8s2r-g7nq-9qcm
16
vulnerability VCID-98eq-5ynn-2ba5
17
vulnerability VCID-9wan-6z96-uudu
18
vulnerability VCID-au4r-bwjy-rbdw
19
vulnerability VCID-c1du-my8w-3kc4
20
vulnerability VCID-cmt6-zps1-1yaa
21
vulnerability VCID-djyw-btmk-tyc1
22
vulnerability VCID-ew1h-9gne-ckda
23
vulnerability VCID-f3cr-98hh-qygb
24
vulnerability VCID-fuze-h6b7-p7ej
25
vulnerability VCID-fw5g-fb97-5qgv
26
vulnerability VCID-ggry-wydz-j3az
27
vulnerability VCID-h8px-dtx8-7ucd
28
vulnerability VCID-hb6y-7ujs-bfe9
29
vulnerability VCID-jbtq-unbj-nyez
30
vulnerability VCID-jkea-eab6-rubm
31
vulnerability VCID-meyp-4j5x-sfbt
32
vulnerability VCID-mjty-hv8c-mbck
33
vulnerability VCID-mwbp-vuvw-mua1
34
vulnerability VCID-pvr6-v3ds-sqcr
35
vulnerability VCID-q2f7-jq7w-vkc5
36
vulnerability VCID-rkx2-ky5w-myce
37
vulnerability VCID-s7bz-64kr-9yfs
38
vulnerability VCID-ss9d-ku99-b3gf
39
vulnerability VCID-tf8b-bq3r-2fhc
40
vulnerability VCID-tvfr-mp56-b7f4
41
vulnerability VCID-ubwg-81j2-8yhd
42
vulnerability VCID-us7y-vvzr-2fea
43
vulnerability VCID-uxws-xum3-efgv
44
vulnerability VCID-uyy9-mrk5-fbhd
45
vulnerability VCID-v735-muyq-h7hr
46
vulnerability VCID-vafu-fk53-6yd4
47
vulnerability VCID-w4pb-uqe1-27cv
48
vulnerability VCID-wgd2-ud3v-gkdw
49
vulnerability VCID-xsmf-gtwu-1kae
50
vulnerability VCID-yyh5-z2zn-h7h7
51
vulnerability VCID-yyqg-c3nw-nkdn
52
vulnerability VCID-zvzt-19xv-6ubd
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.3.2
aliases BIT-superset-2021-42250, CVE-2021-42250, GHSA-5fp8-c45m-256p, PYSEC-2021-435
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7zqa-ny6m-kqfw
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.3.2