{"url":"http://public2.vulnerablecode.io/api/packages/60721?format=json","purl":"pkg:pypi/apache-superset@0.37.0","type":"pypi","namespace":"","name":"apache-superset","version":"0.37.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.0","latest_non_vulnerable_version":"6.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55518?format=json","vulnerability_id":"VCID-19em-abzu-5bd5","summary":"An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27315","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.321","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27315"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_
system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27315","reference_id":"CVE-2024-27315","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27315"},{"reference_url":"https://github.com/advisories/GHSA-h7r6-8qmm-hj5r","reference_id":"GHSA-h7r6-8qmm-hj5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7r6-8qmm-hj5r"},{"reference_url":"https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z","reference_id":"qcwbx7q2s3ynsd405895bx3wcwq32j7z","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T16:03:10Z/"}],"url":"https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"v
ulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-27315","GHSA-h7r6-8qmm-hj5r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19em-abzu-5bd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59435?format=json","vulnerability_id":"VCID-1gqt-cpea-b7ht","summary
":"Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. \n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55633","reference_id":"","reference_type":"","scores":[{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77881","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55633"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55633","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55633"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/12/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:
H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/12/1"},{"reference_url":"https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb","reference_id":"bwmd17fcvljt9q4cgctp4v09zh3qs7fb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:27:53Z/"}],"url":"https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb"},{"reference_url":"https://github.com/advisories/GHSA-787v-v9vq-4rgv","reference_id":"GHSA-787v-v9vq-4rgv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-787v-v9vq-4rgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372313?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-55633","GHSA-787v-v9vq-4rgv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://p
ublic2.vulnerablecode.io/vulnerabilities/VCID-1gqt-cpea-b7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121409?format=json","vulnerability_id":"VCID-2bqf-unav-tbfs","summary":"Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55675","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48892","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55675"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55675","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55675"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC
:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/6"},{"reference_url":"https://github.com/advisories/GHSA-mhpq-m962-mg92","reference_id":"GHSA-mhpq-m962-mg92","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mhpq-m962-mg92"},{"reference_url":"https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33","reference_id":"op681b4kbd7g84tfjf9omz0sxggbcv33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:47:53Z/"}],"url":"https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377635?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55675","GHSA-mhpq-m962-mg92"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bqf-unav-tbfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207662?format=json","vulnerability_id":"VCID-2npv-nu15-6uee","summary":"Insufficiently Protected Credentials in Apache 
Superset","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44451","reference_id":"","reference_type":"","scores":[{"value":"0.8336","scoring_system":"epss","scoring_elements":"0.99291","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-44451"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-36.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-36.yaml"},{"reference_url":"https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/xww1pccs2ckb5506wrf1v4lmxg198vkb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44451","reference_id":"CVE-2021-44451","reference_type":"","scores":[{"
value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-44451"},{"reference_url":"https://github.com/advisories/GHSA-hhm3-48h2-597v","reference_id":"GHSA-hhm3-48h2-597v","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhm3-48h2-597v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18921?format=json","purl":"pkg:pypi/apache-superset@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne
-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.4.0"}],"aliases":["BIT-superset-2021-44451","CVE-2021-44451","GHSA-hhm3-48h2-597v","PYSEC-2022-36"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2npv-nu15-6uee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66962?format=json","vulnerability_id":"VCID-35bq-93h8-qufg","summary":"Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. 
While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23969","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21453","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23969"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/4"},{"reference_url":"https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd","reference_id":"2q22sp4oj3krcgdkxchhtht0vgwp2wnd","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:03:24Z/"}],"url":"https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23969","reference_id":"CV
E-2026-23969","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23969"},{"reference_url":"https://github.com/advisories/GHSA-48m2-v2r8-h23m","reference_id":"GHSA-48m2-v2r8-h23m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48m2-v2r8-h23m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39576?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2026-23969","GHSA-48m2-v2r8-h23m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35bq-93h8-qufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/145702?format=json","vulnerability_id":"VCID-3aw6-59a3-eba8","summary":"Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access 
to.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27523","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22044","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27523"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27523","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27523"},{"reference_url":"https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h","reference_id":"3y97nmwm956b6zg3l8dh9oj0w7dj945h","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:49:47Z/"}],"url":"https://lists.apache.org/thread/3y97nmwm956b6zg3l8dh9oj0w7dj945h"},{"reference_url":"https://github.com/advisories/GHSA-v594-2c97-hx38","reference_id":"GHSA-v594-2c97-hx38","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v594-2c97-hx38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/
packages/650113?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability
":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-27523","GHSA-v594-2c97-hx38"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3aw6-59a3-eba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211001?format=json","vulnerability_id":"VCID-3q94-rkzw-q7bb","summary":"Apache Superset allows authenticated users to access metadata they have no permission 
to","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37839","reference_id":"","reference_type":"","scores":[{"value":"0.00345","scoring_system":"epss","scoring_elements":"0.57431","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-37839"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/2bd89d1705347da5446902a3f65eb8d0a6353503"},{"reference_url":"https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/pwqyxxmn5gh7cnw3qsp66v0lt4xojt82"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37839","reference_id":"CVE-2021-37839","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37839"},{"reference_url":"https://github.com/advisories/GHSA-748r-5r8q-273m","reference_id":"GHSA-748r-5r8q-273m","reference_type":"","scores":[{"value":"MODE
RATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-748r-5r8q-273m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/25244?format=json","purl":"pkg:pypi/apache-superset@1.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability"
:"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.1"}],"aliases":["CVE-2021-37839","GHSA-748r-5r8q-273m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3q94-rkzw-q7bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165630?format=json","vulnerability_id":"VCID-3sh2-fv5f-jkh5","summary":"When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access dashboard configuration metadata using a REST API Get endpoint. This issue affects Apache Superset version 1.5.2 and prior versions and version 
2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45438","reference_id":"","reference_type":"","scores":[{"value":"0.0324","scoring_system":"epss","scoring_elements":"0.87393","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45438"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45438","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45438"},{"reference_url":"https://github.com/advisories/GHSA-8f5j-mgx9-5hm5","reference_id":"GHSA-8f5j-mgx9-5hm5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f5j-mgx9-5hm5"},{"reference_url":"https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9","reference_id":"snxbkf2x9kww7s0wkmydct9nhqqn9rv9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:59:07Z/"}],"url":"https://lists.apache.org/thread/snxbkf2x9kww7s0wkmydct9nhqqn9rv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392789?format=json","purl":"pkg:pypi/apache-superset@1.5.3","is_vulnerable":true,"affected_by_vul
nerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/392790?format=json","purl":"pkg:pypi/apache-superset@2.0.1","is_vulnerable":tru
e,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1"}],"aliases":["CVE-2022-45438","GHSA-8f5j-mgx9-5hm5"],"risk_score":null,"expl
oitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3sh2-fv5f-jkh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208797?format=json","vulnerability_id":"VCID-46y8-wuk7-hfad","summary":"SQL injection in apache-superset","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27479","reference_id":"","reference_type":"","scores":[{"value":"0.04329","scoring_system":"epss","scoring_elements":"0.89154","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27479"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-188.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2022-188.yaml"},{"reference_url":"https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/94th50j5d0y2fw7ysx0g7w3t6jk3z7q6"},{"reference_url":"https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC
:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/ztb9b6jd9rngoxwvq8r4fhpp401o613y"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/04/13/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/04/13/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27479","reference_id":"CVE-2022-27479","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27479"},{"reference_url":"https://github.com/advisories/GHSA-wh73-hpcg-v32j","reference_id":"GHSA-wh73-hpcg-v32j","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wh73-hpcg-v32j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20127?format=json","purl":"pkg:pypi/apache-superset@1.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID
-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.4.2"}],"aliases":["BIT-superset-2022-27479","CVE-2022-27479","GHSA-wh73-hpcg-v32j","PYSEC-2022-188"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46y8-wuk7-hfad"},{"url":"http://public2.vulnerablecode.io/a
pi/vulnerabilities/356675?format=json","vulnerability_id":"VCID-4axb-e4nm-3fcy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42502","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27068","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42502"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42502","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42502"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/3"},{"reference_url":"https://github.com/advisories/GHSA-hc74-9vjm-c9xv","reference_id":"GHSA-hc74-9vjm-c9xv","reference_type":"","sc
ores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hc74-9vjm-c9xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31859?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42502","GHSA-hc74-9vjm-c9xv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4axb-e4nm-3fcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210567?format=json","vulnerability_id":"VCID-4zgy-r2br-37hy","summary":"Apache Superset allowed for database connections password leak for authenticated 
users","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41972","reference_id":"","reference_type":"","scores":[{"value":"0.00234","scoring_system":"epss","scoring_elements":"0.46445","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41972"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-434.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-434.yaml"},{"reference_url":"https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/xpdl2r538o695o7r9gd9qrwqb17bdd3v"},{"reference_url":"https://seclists.org/oss-sec/2021/q4/106","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring
_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/oss-sec/2021/q4/106"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41972","reference_id":"CVE-2021-41972","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41972"},{"reference_url":"https://github.com/advisories/GHSA-42q4-9xf9-f67x","reference_id":"GHSA-42q4-9xf9-f67x","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-42q4-9xf9-f67x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23792?format=json","purl":"pkg:pypi/apache-superset@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"
vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.3.2"}],"aliases":["BIT-superset-2021-41972","CVE-2021-41972","GHSA-42q4-9xf9-f67x","PYSEC-2021-434"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public
2.vulnerablecode.io/vulnerabilities/VCID-4zgy-r2br-37hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136369?format=json","vulnerability_id":"VCID-58d5-z1y6-qffj","summary":"An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36387","reference_id":"","reference_type":"","scores":[{"value":"0.00022","scoring_system":"epss","scoring_elements":"0.06585","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36387"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36387","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36387"},{"reference_url":"https://github.com/apache/superset/pull/24185","reference_id":"24185","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:00:10Z/"}],"url":"https://github.com/apache/superset/pull/24185"},{"reference_url":"https://github.com/advisories/GHSA-9832-mgg4-3gr6","reference_id":"GHSA-9832-mgg4-3gr6","reference_type":"","scores":[{"value":"MODE
RATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9832-mgg4-3gr6"},{"reference_url":"https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3","reference_id":"tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T18:00:10Z/"}],"url":"https://lists.apache.org/thread/tt6s6hm8nv6s11z8bfsk3r3d9ov0ogw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/650113?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us
7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-36387","GHSA-9832-mgg4-3gr6"],"risk_score":null,"exploitability":null,"weighted_severity":
null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-58d5-z1y6-qffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/145501?format=json","vulnerability_id":"VCID-5m3g-6uya-1fe3","summary":"A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including 2.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27526","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31418","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27526"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27526","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27526"},{"reference_url":"https://github.com/advisories/GHSA-9qc3-p9jq-2x27","reference_id":"GHSA-9qc3-p9jq-2x27","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9qc3-p9jq-2x27"},{"reference_url":"https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv","reference_id":"ndww89yl2jd98lvn23n9cj722lfdg8dv","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{
"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:50:41Z/"}],"url":"https://lists.apache.org/thread/ndww89yl2jd98lvn23n9cj722lfdg8dv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/650113?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities
":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-27526","GHSA-9qc3-p9jq-2x27"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5m3g-6uya-1fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136294?format=json","vulnerability_id":"VCID-6brk-rjs7-67he","summary":"Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible 
SSRF.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36388","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32461","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36388"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36388","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36388"},{"reference_url":"https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs","reference_id":"ccmjjz4jp17yc2kcd18qshmdtf7qorfs","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:50:04Z/"}],"url":"https://lists.apache.org/thread/ccmjjz4jp17yc2kcd18qshmdtf7qorfs"},{"reference_url":"https://github.com/advisories/GHSA-4fg9-5w46-xmrj","reference_id":"GHSA-4fg9-5w46-xmrj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4fg9-5w46-xmrj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/650113?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc1","is_vulnerable":true,"affected_by_
vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{
"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-36388","GHSA-4fg9-5w46-xmrj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6brk-rjs7-67he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210574?format=json","vulnerability_id":"VCID-7zqa-ny6m-kqfw","summary":"Improper Encoding or Escaping of Output in Apache 
Superset","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42250","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61551","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42250"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-435.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-435.yaml"},{"reference_url":"https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/53lkszw6d3tybp5t99nvgcj538b9trw9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/17/2","reference_id":"","reference_type":"","scores":[{"val
ue":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/11/17/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42250","reference_id":"CVE-2021-42250","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-42250"},{"reference_url":"https://github.com/advisories/GHSA-5fp8-c45m-256p","reference_id":"GHSA-5fp8-c45m-256p","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5fp8-c45m-256p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23792?format=json","purl":"pkg:pypi/apache-superset@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnera
bility":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.3.2"}],"aliases":["BIT-superset-2021-42250","CVE-2021-42250","GHSA-5fp8-c45m-256p","PYSEC-2021-435"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8
.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7zqa-ny6m-kqfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66895?format=json","vulnerability_id":"VCID-8bqq-wrc2-b3de","summary":"An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23982","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23982"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/6","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/6"},{"reference_url":"https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp","reference_id":"9lvbzwkw4rxgdvbpfvnnnfcll92v75fp","reference_type":"","scores":[{"value":"7.1","scoring_syst
em":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:44:20Z/"}],"url":"https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23982","reference_id":"CVE-2026-23982","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23982"},{"reference_url":"https://github.com/advisories/GHSA-3m2g-v7jf-7fxc","reference_id":"GHSA-3m2g-v7jf-7fxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3m2g-v7jf-7fxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23982","GHSA-3m2g-v7jf-7fxc"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqq-wrc2-b3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33743?format=json","vulnerability_id":"VCID-8qnw-zrab-y3ac","summary":"This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.\n \nUncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.  
\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23952","reference_id":"","reference_type":"","scores":[{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80692","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23952"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/3","reference_id":"3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23952","reference_id":"CVE-2024-23952","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23952"},{"reference_url":"https://github.com/advisories/GHSA-v7q3-5rqm-x7m9","reference_id":"GHSA-v7q3-5rqm-x7m9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}]
,"url":"https://github.com/advisories/GHSA-v7q3-5rqm-x7m9"},{"reference_url":"https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx","reference_id":"zc58zvm4414molqn2m4d4vkrbrsxdksx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io
/packages/pkg:pypi/apache-superset@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31860?format=json","purl":"pkg:pypi/apache-superset@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.1"}],"aliases":["CVE-2024-23952","GHSA-v7q3-5rqm-x7m9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qnw-zrab-y3ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39948?format=json","vulnerability_id":"VCID-8s2r-g7nq-9qcm","summary":"An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2.\n\nUsers are recommended to upgrade to version 3.1.2 or above, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28148","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23713","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28148"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28148","reference_id":"CVE-2024-28148","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28148"},{"reference_url":"https://github.com/advisories/GHSA-299q-3p96-5898","reference_id":"GHSA-299q-3p96-5898","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-299q-3p96-5898"},{"reference_url":"https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo","reference_id":"n27wlbd05oc6bgjh28d5pxzsrrph8dgo","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:25:54Z/"}],"url":"https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30933?format=json","purl":"pkg:pypi/apache-superset@3.1.2","is_vulnerable":true,"af
fected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/32253?format=json","purl":"pkg:pypi/apache-superset@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.0"}],"aliases":["CVE-2024-28148","GHSA-299q-3p96-5898"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8s2r-g7nq-9qcm"},{"url":"http://publ
ic2.vulnerablecode.io/api/vulnerabilities/356676?format=json","vulnerability_id":"VCID-98eq-5ynn-2ba5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42505","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13258","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42505"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42505","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42505"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/5"},{"reference_url":"https://github.com/advisories/GHSA-fgpw-4w69-j256","reference_id":"GHSA-fgpw-4w69-j256",
"reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fgpw-4w69-j256"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31859?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42505","GHSA-fgpw-4w69-j256"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98eq-5ynn-2ba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139370?format=json","vulnerability_id":"VCID-9wan-6z96-uudu","summary":"Apache Superset would allow for SQLite database connections to be incorrectly registered when an 
attacker uses alternative driver names like sqlite+pysqlite or by using database imports. This could allow for unexpected file creation on Superset webservers. Additionally, if Apache Superset is using a SQLite database for its metadata (not advised for production use) it could result in more severe vulnerabilities related to confidentiality and integrity. This vulnerability exists in Apache Superset versions up to and including 2.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39265","reference_id":"","reference_type":"","scores":[{"value":"0.72085","scoring_system":"epss","scoring_elements":"0.9877","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39265"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39265","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39265"},{"reference_url":"http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html","reference_id":"Apache-Superset-2.0.0-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scorin
g_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:48:12Z/"}],"url":"http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"},{"reference_url":"https://github.com/advisories/GHSA-fm4q-j8g4-c9j4","reference_id":"GHSA-fm4q-j8g4-c9j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fm4q-j8g4-c9j4"},{"reference_url":"https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy","reference_id":"pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy","reference_type":"","scores":[{"value":"3.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T18:48:12Z/"}],"url":"https://lists.apache.org/thread/pwdzsdmv4g5g1n2h9m7ortfnxmhr7nfy"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/650113?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-un
bj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnera
bility":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-39265","GHSA-fm4q-j8g4-c9j4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wan-6z96-uudu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163127?format=json","vulnerability_id":"VCID-au4r-bwjy-rbdw","summary":"Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43717","reference_id":"","reference_type":"","scores":[{"value":"0.01349","scoring_system":"epss","scoring_elements":"0.805","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43717"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43717","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43717"},{"reference_url":"https://lists.apache.org/
thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl","reference_id":"g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-04T13:51:44Z/"}],"url":"https://lists.apache.org/thread/g6zy6vkpvkbj5mj32vmyzwol5ldtg9pl"},{"reference_url":"https://github.com/advisories/GHSA-9f88-wg5r-947j","reference_id":"GHSA-9f88-wg5r-947j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9f88-wg5r-947j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392789?format=json","purl":"pkg:pypi/apache-superset@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{
"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/392790?format=json","purl":"pkg:pypi/apache-superset@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-
meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1"}],"aliases":["CVE-2022-43717","GHSA-9f88-wg5r-947j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-au4r-bwjy-rbdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218039?format=json","vulnerability_id":"VCID-autt-zyf9-1uhd","summary":"In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. 
This vulnerability is present in every Apache Superset version < 0.37.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13952","reference_id":"","reference_type":"","scores":[{"value":"0.00122","scoring_system":"epss","scoring_elements":"0.30914","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13952"},{"reference_url":"https://github.com/advisories/GHSA-77pw-c3j2-5fc8","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77pw-c3j2-5fc8"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2020-223.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2020-223.yaml"},{"reference_url":"https://lists.apache.org/thread.html/rf1faa368f580d2cb691576bee1277855f769667f3114d5df1dacbea6%40%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system"
:"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf1faa368f580d2cb691576bee1277855f769667f3114d5df1dacbea6%40%3Cdev.superset.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13952","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13952"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61006?format=json","purl":"pkg:pypi/apache-superset@0.37.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-4zgy-r2br-37hy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-7zqa-ny6m-kqfw"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-bzq7-wbzu-yqas"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-e
w1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-n38n-w9e1-5ff6"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-u7nc-sr84-1qgy"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-yzk1-n3nz-kybb"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@0.37.2"}],"aliases":["BIT-superset-2020-13952","CVE-2020-13952","GHSA-77pw-c3j2-5fc8","PYSEC-2020-223"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-autt-zyf9-1uhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210551?format=json","vulnerability_id":"VCID-bzq7-wbzu-yqas","summary":"Apache Superset SQL Injection when template processing is 
enabled","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41971","reference_id":"","reference_type":"","scores":[{"value":"0.00431","scoring_system":"epss","scoring_elements":"0.63056","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41971"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-378.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-378.yaml"},{"reference_url":"https://lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf7292731268c6c6e2196ae1583e32ac7189385364268f8d9215e8e6d%40%3Cdev.superset.apache.org%3E"},{"ref
erence_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41971","reference_id":"CVE-2021-41971","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41971"},{"reference_url":"https://github.com/advisories/GHSA-pg8m-4p8j-2p56","reference_id":"GHSA-pg8m-4p8j-2p56","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pg8m-4p8j-2p56"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23717?format=json","purl":"pkg:pypi/apache-superset@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-4zgy-r2br-37hy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-7zqa-ny6m-kqfw"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98e
q-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.3.1"}],"aliases":["BIT-superset-2021-41971","CVE-2021-41971","GHSA-pg8m-4p8j-2p56","PYSEC-2021-378"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzq7-wbzu-yqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135602?format=json","vulnerability_id":"VCID-c1du-my8w-3kc4","summary":"An authenticated malicious user could initiate multiple concurrent 
requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42504","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52781","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42504"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42504","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42504"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/6","reference_id":"6","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/6"},{"reference_url":"https://github.com/advisories/GHSA-3hp7-4qq4-v5c6","reference_id":"GHSA-3hp7-4qq4-v5c6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/ad
visories/GHSA-3hp7-4qq4-v5c6"},{"reference_url":"https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l","reference_id":"yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/"}],"url":"https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31859?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resour
ce_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42504","GHSA-3hp7-4qq4-v5c6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1du-my8w-3kc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163340?format=json","vulnerability_id":"VCID-cmt6-zps1-1yaa","summary":"An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly escaped by the toast message displayed when a user deletes that specific CSS template record. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43720","reference_id":"","reference_type":"","scores":[{"value":"0.01787","scoring_system":"epss","scoring_elements":"0.83145","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43720"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43720","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43720"},{"reference_url":"https://github.com/advisories/GHSA-fpmr-qmgh-42x2","reference_id":"GHSA-fpmr-qmgh-42x2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fpmr-
qmgh-42x2"},{"reference_url":"https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l","reference_id":"jts6x56kghr9mbowb653bk70pl81jp8l","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:02:39Z/"}],"url":"https://lists.apache.org/thread/jts6x56kghr9mbowb653bk70pl81jp8l"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392789?format=json","purl":"pkg:pypi/apache-superset@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability"
:"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/392790?format=json","purl":"pkg:pypi/apache-superset@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"
},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1"}],"aliases":["CVE-2022-43720","GHSA-fpmr-qmgh-42x2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cmt6-zps1-1yaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121655?format=json","vulnerability_id":"VCID-djyw-btmk-tyc1","summary":"When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. 
This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.\n\nThis issue affects Apache Superset: before 4.1.3.\n\nUsers are recommended to upgrade to version 4.1.3, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55673","reference_id":"","reference_type":"","scores":[{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75808","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55673"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55673","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55673"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/3"},{"reference_url":"https://github.com/advisories/GHSA-9g5x-mm39-wg9r","reference_id":"GHSA-9g5x-mm39-wg9r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9g5x-mm39-wg9r"},{"reference_url":"https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8","
reference_id":"h2hw756wk4sj4z49blvzkr5fntl9hlf8","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T14:02:38Z/"}],"url":"https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377620?format=json","purl":"pkg:pypi/apache-superset@4.1.3.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.3.post1"}],"aliases":["CVE-2025-55673","GHSA-9g5x-mm39-wg9r"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djyw-btmk-tyc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/145979?format=json","vulnerability_id":"VCID-ew1h-9gne-ckda","summary":"An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 
2.0.1","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27525","reference_id":"","reference_type":"","scores":[{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67804","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27525"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27525","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27525"},{"reference_url":"https://github.com/advisories/GHSA-7jhg-8m74-6f6g","reference_id":"GHSA-7jhg-8m74-6f6g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7jhg-8m74-6f6g"},{"reference_url":"https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77","reference_id":"wpv7b17zjg2pmvpfkdd6nn8sco8y2q77","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T16:03:40Z/"}],"url":"https://lists.apache.org/thread/wpv7b17zjg2pmvpfkdd6nn8sco8y2q77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/
api/packages/379603?format=json","purl":"pkg:pypi/apache-superset@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0"}],"aliases":["CVE-2023-27525","GHSA-7jhg-8m74-6f6g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://pub
lic2.vulnerablecode.io/vulnerabilities/VCID-ew1h-9gne-ckda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46704?format=json","vulnerability_id":"VCID-f3cr-98hh-qygb","summary":"An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.\n\nThis issue affects Apache Superset: before 4.0.2.\n\nUsers are recommended to upgrade to version 4.0.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39887","reference_id":"","reference_type":"","scores":[{"value":"0.61396","scoring_system":"epss","scoring_elements":"0.98352","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39887"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:
N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/16/5","reference_id":"5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/16/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39887","reference_id":"CVE-2024-39887","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39887"},{"reference_url":"https://github.com/advisories/GHSA-2q6j-vpvr-6pvj","reference_id":"GHSA-2q6j-vpvr-6pvj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2q6j-vpvr-6pvj"},{"reference_url":"https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz","reference_id":"j55vm41jg3l0x6w49zrmvbf3k0ts5fqz","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N
/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/"}],"url":"https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32665?format=json","purl":"pkg:pypi/apache-superset@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.2"}],"aliases":["CVE-2024-39887","GHSA-2q6j-vpvr-6pvj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3cr-98hh-qygb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135563?format=json","vulnerability_id":"VCID-fuze-h6b7-p7ej","summary":"Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.\nThis issue affects Apache Superset: before 2.1.2.\nUsers should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned 
resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42501","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27402","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42501"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42501","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42501"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/27/3","reference_id":"3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/27/3"},{"reference_url":"https://github.com/advisories/GHSA-vv65-fjfj-4736","reference_id":"GHSA-vv65-fjfj-4736","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv65-fjfj-4736"},{"reference_url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh","reference_id":"vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scorin
g_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/"}],"url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"}],"aliases":["CVE-2023-42501","GHSA-vv65-fjfj-4736"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuze-h6b7-p7ej"},{"url":"http://public2.vuln
erablecode.io/api/vulnerabilities/61980?format=json","vulnerability_id":"VCID-fw5g-fb97-5qgv","summary":"A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24772","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.6924","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24772"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24772","reference_id":"CVE-2024-24772","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24772"},{"reference_url":"https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5","reference_id":"gfl3ckwy6y9tpz9jmpv62orh2q346sn5","reference_type":"","scores":[{"value":"4.
3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T17:55:04Z/"}],"url":"https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5"},{"reference_url":"https://github.com/advisories/GHSA-m6jm-3v38-76j4","reference_id":"GHSA-m6jm-3v38-76j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6jm-3v38-76j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"
},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24772","GHSA-m6jm-3v38-76j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fw5g-fb97-5qgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162997?format=json","vulnerability_id":"VCID-ggry-wydz-j3az","summary":"Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. 
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43718","reference_id":"","reference_type":"","scores":[{"value":"0.00448","scoring_system":"epss","scoring_elements":"0.64004","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43718"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43718","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43718"},{"reference_url":"https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r","reference_id":"8615608jt2x7b3rmqrtngldy8pn3nz2r","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:05:57Z/"}],"url":"https://lists.apache.org/thread/8615608jt2x7b3rmqrtngldy8pn3nz2r"},{"reference_url":"https://github.com/advisories/GHSA-79x5-cv79-49rj","reference_id":"GHSA-79x5-cv79-49rj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-79x5-cv79-49rj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392789?format=js
on","purl":"pkg:pypi/apache-superset@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/package
s/392790?format=json","purl":"pkg:pypi/apache-superset@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.
0.1"}],"aliases":["CVE-2022-43718","GHSA-79x5-cv79-49rj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ggry-wydz-j3az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41369?format=json","vulnerability_id":"VCID-h8px-dtx8-7ucd","summary":"A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26016","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48443","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26016"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/7","reference_id":"7","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/7"},{"reference_u
rl":"https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s","reference_id":"76v1jjcylgk4p3m0258qr359ook3vl8s","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/"}],"url":"https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26016","reference_id":"CVE-2024-26016","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26016"},{"reference_url":"https://github.com/advisories/GHSA-3v9r-885j-762g","reference_id":"GHSA-3v9r-885j-762g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3v9r-885j-762g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4
"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-26016","GHSA-3v9r-885j-762g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8px-dtx8-7ucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172608?format=json","vulnerability_id":"VCID-hb6y-7ujs-bfe9","summary":"A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add subqueries to the WHERE and HAVING fields referencing tables on the same database that the user should not have access to, despite the user having the feature flag \"ALLOW_ADHOC_SUBQUERY\" disabled (default value).  
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41703","reference_id":"","reference_type":"","scores":[{"value":"0.01302","scoring_system":"epss","scoring_elements":"0.80169","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41703"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41703","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41703"},{"reference_url":"https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos","reference_id":"g7jjw0okxjk5y57pbbxy19ydw42kqcos","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:32:13Z/"}],"url":"https://lists.apache.org/thread/g7jjw0okxjk5y57pbbxy19ydw42kqcos"},{"reference_url":"https://github.com/advisories/GHSA-cxvp-3frm-3876","reference_id":"GHSA-cxvp-3frm-3876","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cxvp-3frm-3876"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392789?format=js
on","purl":"pkg:pypi/apache-superset@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/package
s/392790?format=json","purl":"pkg:pypi/apache-superset@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.
0.1"}],"aliases":["CVE-2022-41703","GHSA-cxvp-3frm-3876"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hb6y-7ujs-bfe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357681?format=json","vulnerability_id":"VCID-jbtq-unbj-nyez","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49736","reference_id":"","reference_type":"","scores":[{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66233","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49736"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751"},{"reference_url":"https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d"},{"reference_url":"https://github.com/apache/superset/pull/25779","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cv
ssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/pull/25779"},{"reference_url":"https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49736","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49736"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/2"},{"reference_url":"https://github.com/advisories/GHSA-jfxj-xf67-x723","reference_id":"GHSA-jfxj-xf67-x723","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfxj-xf67-x723"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380149?format=json","purl":"pkg:pypi/apache-superset@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"v
ulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/380150?format=json","purl":"pkg:pypi/apache-superset@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zv
zt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2"}],"aliases":["CVE-2023-49736","GHSA-jfxj-xf67-x723"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbtq-unbj-nyez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356796?format=json","vulnerability_id":"VCID-meyp-4j5x-sfbt","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43701","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47068","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43701"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43701","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43701"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/11/27/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_syste
m":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/11/27/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/27/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/27/4"},{"reference_url":"https://github.com/advisories/GHSA-wq8q-99p5-xfrw","reference_id":"GHSA-wq8q-99p5-xfrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq8q-99p5-xfrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-
us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"}],"aliases":["CVE-2023-43701","GHSA-wq8q-99p5-xfrw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-meyp-4j5x-sfbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121675?format=json","vulnerability_id":"VCID-mjty-hv8c-mbck","summary":"A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55674","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59599","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55674"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55674","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55674"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/5"},{"reference_url":"https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo","reference_id":"cn49ps15ny3g2b1qzdg5mj7hp47p5jdo","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:49:40Z/"}],"url":"https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5
jdo"},{"reference_url":"https://github.com/advisories/GHSA-fxgf-3xh6-m2pp","reference_id":"GHSA-fxgf-3xh6-m2pp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fxgf-3xh6-m2pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377635?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55674","GHSA-fxgf-3xh6-m2pp"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mjty-hv8c-mbck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44491?format=json","vulnerability_id":"VCID-mwbp-vuvw-mua1","summary":"Generation of Error Message Containing analytics metadata Information in Apache Superset.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53948","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38466","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53948"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53948"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/09/3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring
_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/09/3"},{"reference_url":"https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf","reference_id":"8howpf3png0wrgpls46ggk441oczlfvf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:04:23Z/"}],"url":"https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf"},{"reference_url":"https://github.com/advisories/GHSA-2cx9-54hp-r698","reference_id":"GHSA-2cx9-54hp-r698","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2cx9-54hp-r698"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372313?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53948","GHSA-2cx9-54hp-r698"],"risk_score":null,"exploitabil
ity":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbp-vuvw-mua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218133?format=json","vulnerability_id":"VCID-n38n-w9e1-5ff6","summary":"Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input for open redirects the URL shortener functionality would allow for a malicious user to create a short URL for a dashboard that could convince the user to click the link.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28125","reference_id":"","reference_type":"","scores":[{"value":"0.02577","scoring_system":"epss","scoring_elements":"0.85882","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28125"},{"reference_url":"https://github.com/advisories/GHSA-pfwg-rxf4-97c3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pfwg-rxf4-97c3"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https:
//github.com/apache/superset/commit/eb35b804acf4d84cb70d02743e04b8afebbee029"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-128.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434@%3Cdev.superset.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r89b5d0dd35c1adc9624b48d6247729c73b2641b32754226661368434%40%3Cdev.superset.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28125","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28125"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/04/27/2
","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/04/27/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/64180?format=json","purl":"pkg:pypi/apache-superset@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-4zgy-r2br-37hy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-7zqa-ny6m-kqfw"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-bzq7-wbzu-yqas"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w
-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-yzk1-n3nz-kybb"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.1.0"}],"aliases":["BIT-superset-2021-28125","CVE-2021-28125","GHSA-pfwg-rxf4-97c3","PYSEC-2021-128"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n38n-w9e1-5ff6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118233?format=json","vulnerability_id":"VCID-pvr6-v3ds-sqcr","summary":"An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. 
This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48912","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56751","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48912"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48912","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48912"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/30/3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/30/3"},{"reference_url":"https://github.com/advisories/GHSA-8w7f-8pr9-xgwj","reference_id":"GHSA-8w7f-8pr9-xgwj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8w7f-8pr9-xgwj"},{"reference_url":"https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135","reference_id":"ms2t2oq218hb7l628trsogo4fj7h1135"
,"reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T12:55:47Z/"}],"url":"https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39576?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2025-48912","GHSA-8w7f-8pr9-xgwj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvr6-v3ds-sqcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133132?format=json","vulnerability_id":"VCID-q2f7-jq7w-vkc5","summary":"A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. 
An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.\n\nFor 2.X versions, users should change their config to include:\n\nTALISMAN_CONFIG = {\n    \"content_security_policy\": {\n        \"base-uri\": [\"'self'\"],\n        \"default-src\": [\"'self'\"],\n        \"img-src\": [\"'self'\", \"blob:\", \"data:\"],\n        \"worker-src\": [\"'self'\", \"blob:\"],\n        \"connect-src\": [\n            \"'self'\",\n            \"https://api.mapbox.com\",\n            \"https://events.mapbox.com\",\n        ],\n        \"object-src\": \"'none'\",\n        \"style-src\": [\n            \"'self'\",\n            \"'unsafe-inline'\",\n        ],\n        \"script-src\": [\"'self'\", \"'strict-dynamic'\"],\n    },\n    \"content_security_policy_nonce_in\": [\"script-src\"],\n    \"force_https\": False,\n    \"session_cookie_secure\": 
False,\n}","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49657","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61081","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49657"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/23/5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/01/23/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49657","reference_id":"CVE-2023-49657","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49657"},{"reference_url":"https://github.com/advisories/GHSA-rwhh-6x83-84v6","reference_id":"GHSA-rwhh-6x83-84v6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwhh-6x83-84v6"},{"reference_url":"https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx","reference_id":"wjyvz8om9nwd396lh0bt156mtwjxpsvx","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_te
xtual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:03:28Z/"}],"url":"https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28540?format=json","purl":"pkg:pypi/apache-superset@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.3"}],"aliases":["CVE-2023-49657","GHSA-rwhh-6x83-84v6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2f7-jq7w-vkc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61646?format=json","vulnerability_id":"VCID-rkx2-ky5w-myce","summary":"Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to 
version 3.1.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24773","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35318","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24773"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/4","reference_id":"4","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24773","reference_id":"CVE-2024-24773","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24773"},{"reference_url":"https://github.com/advisories/GHSA-5474-f7g5-273q","reference_id":"GHSA-5474-f7g5-273q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5474-f7g5-273q"},{"reference_url":"https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501","reference_id":"h66fy6nj41cfx07zh7l552w6dmtjh501","reference_type":"","scores":[{"value":"
4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/"}],"url":"https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvf
r-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24773","GHSA-5474-f7g5-273q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx2-ky5w-myce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132563?format=json","vulnerability_id":"VCID-s7bz-64kr-9yfs","summary":"Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.  \nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46104","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69723","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46104"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f
05e74b572033569154"},{"reference_url":"https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46104","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46104"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/1","reference_id":"1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/3","reference_id":"3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS
:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/3"},{"reference_url":"https://github.com/advisories/GHSA-95mg-jgfx-54v9","reference_id":"GHSA-95mg-jgfx-54v9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95mg-jgfx-54v9"},{"reference_url":"https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl","reference_id":"yxbxg4wryb7cb7wyybk11l5nqy0rsrvl","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerabil
ity":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/380328?format=json","purl":"pkg:pypi/apache-superset@3.1.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.0rc1"}],"aliases":["CVE-2023-46104","GHSA-95mg-jgfx-54v9"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7bz-64kr-9yfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357680?format=json","vulnerability_id":"VCID-ss9d-ku99-b3gf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49734","reference_id":"","reference_t
ype":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33845","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49734"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6"},{"reference_url":"https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0"},{"reference_url":"https://github.com/apache/superset/pull/25843","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/pull/25843"},{"reference_url":"https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_sys
tem":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49734","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49734"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/3","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/3"},{"reference_url":"https://github.com/advisories/GHSA-g49j-j489-3xpf","reference_id":"GHSA-g49j-j489-3xpf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g49j-j489-3xpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380149?format=json","purl":"pkg:pypi/apache-superset@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"
VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/380150?format=json","purl":"pkg:pypi/apache-superset@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2"}],"aliases":["CVE-2023-49734","GHSA-g49j-j489-3xpf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9d-ku99-b3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139194?format=json","vulnerability_id":"VCID-tf8b-bq3r-2fhc","summary":"By default, stack traces for errors were enabled, 
which resulted in the exposure of internal traces on REST API endpoints to users. This vulnerability exists in Apache Superset versions up to and including 2.1.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39264","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33849","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39264"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39264","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39264"},{"reference_url":"https://github.com/advisories/GHSA-cpvx-2365-466c","reference_id":"GHSA-cpvx-2365-466c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cpvx-2365-466c"},{"reference_url":"https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75","reference_id":"y65t1of7hb445n86o1vdzjct7rfwlx75","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T14:48:40Z/"}],"url":"https://lists.apache.org/thread/y65t1of7hb445n86o1vdzjct7rfwlx75"}],"fixed_packag
es":[{"url":"http://public2.vulnerablecode.io/api/packages/650113?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vul
nerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-39264","GHSA-cpvx-2365-466c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tf8b-bq3r-2fhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66654?format=json","vulnerability_id":"VCID-tvfr-mp56-b7f4","summary":"Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23980","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12784","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23980"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23980","reference_id":"CVE-2026-23980","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23980"},{"reference_url":"https://github.com/advisories/GHSA-gvxg-9hqx-f4rg","reference_id":"GHSA-gvxg-9hqx-f4rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvxg-9hqx-f4rg"},{"reference_url":"https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4","reference_id":"h4l02zw1pr2vywv0dc5zjn3grdcdhwf4","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/
SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:05:27Z/"}],"url":"https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23980","GHSA-gvxg-9hqx-f4rg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfr-mp56-b7f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210656?format=json","vulnerability_id":"VCID-u7nc-sr84-1qgy","summary":"Apache Superset Stored XSS on Dashboard markdown","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27907","reference_id":"","reference_type":"","scores":[{"value":"0.02514","scoring_system":"epss","scoring_elements":"0.85719","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-27907"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-127.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/t
ree/main/vulns/apache-superset/PYSEC-2021-127.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a@%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a@%3Cdev.superset.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r09293fb09f1d617f0d2180c42210e739e2211f8da9bc5c1873bea67a%40%3Cdev.superset.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27907","reference_id":"CVE-2021-27907","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-27907"},{"reference_url":"https://github.com/advisories/GHSA-w358-rj93-r5qv","reference_id":"GHSA-w358-rj93-r5qv","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w358-rj93-r5qv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24207?f
ormat=json","purl":"pkg:pypi/apache-superset@0.38.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-4zgy-r2br-37hy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-7zqa-ny6m-kqfw"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-bzq7-wbzu-yqas"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-n38n-w9e1-5ff6"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability
":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-yzk1-n3nz-kybb"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@0.38.1"}],"aliases":["BIT-superset-2021-27907","CVE-2021-27907","GHSA-w358-rj93-r5qv","PYSEC-2021-127"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7nc-sr84-1qgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66947?format=json","vulnerability_id":"VCID-ubwg-81j2-8yhd","summary":"An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection.\nWhile the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23984","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12856","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23984"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/8","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/8"},{"reference_url":"https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26","reference_id":"72cmgxtvp9pclto4ln1chbs1227nwd26","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:51:19Z/"}],"url":"https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23984","reference_id":"CVE-2026-23984","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2398
4"},{"reference_url":"https://github.com/advisories/GHSA-mwf2-qr4v-94h2","reference_id":"GHSA-mwf2-qr4v-94h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwf2-qr4v-94h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23984","GHSA-mwf2-qr4v-94h2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubwg-81j2-8yhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66960?format=json","vulnerability_id":"VCID-us7y-vvzr-2fea","summary":"A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag.\nWhen these associated objects include Users, the API response improperly serializes and returns sensitive fields, including password hashes (pbkdf2), email addresses, and login statistics. 
This vulnerability allows authenticated users with low privileges (e.g., Gamma role) to view sensitive authentication data.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue, or make sure TAGGING_SYSTEM is False (the current Apache Superset default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23983","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17536","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23983"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/7","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/7"},{"reference_url":"https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww","reference_id":"62mgbc5hc8026skp69kb6vqozj3pr5ww","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:46:54Z/"}],"url":"https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23983","re
ference_id":"CVE-2026-23983","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23983"},{"reference_url":"https://github.com/advisories/GHSA-h294-8fxm-m2pj","reference_id":"GHSA-h294-8fxm-m2pj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h294-8fxm-m2pj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23983","GHSA-h294-8fxm-m2pj"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-us7y-vvzr-2fea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61796?format=json","vulnerability_id":"VCID-uxws-xum3-efgv","summary":"Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. 
These users could then use those virtual datasets to get access to unauthorized data.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24779","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32432","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24779"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/6","reference_id":"6","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24779","reference_id":"CVE-2024-24779","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24779"},{"reference_url":"https://github.com/advisories/GHSA-wr6g-9wcr-cmqj","reference_id":"GHSA-wr6g-9wcr-cmqj","reference_type":""
,"scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr6g-9wcr-cmqj"},{"reference_url":"https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq","reference_id":"xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/"}],"url":"https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"}
,{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24779","GHSA-wr6g-9wcr-cmqj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxws-xum3-efgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163104?format=json","vulnerability_id":"VCID-uyy9-mrk5-fbhd","summary":"An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to this site when clicking on that specific dataset. 
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43721","reference_id":"","reference_type":"","scores":[{"value":"0.00651","scoring_system":"epss","scoring_elements":"0.71365","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43721"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43721","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43721"},{"reference_url":"https://github.com/advisories/GHSA-fcg4-pm6h-9xx2","reference_id":"GHSA-fcg4-pm6h-9xx2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fcg4-pm6h-9xx2"},{"reference_url":"https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg","reference_id":"s6sqt5jmcv6qxtvdot1t5tpt57v439kg","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T15:00:49Z/"}],"url":"https://lists.apache.org/thread/s6sqt5jmcv6qxtvdot1t5tpt57v439kg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392789?format=js
on","purl":"pkg:pypi/apache-superset@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/package
s/392790?format=json","purl":"pkg:pypi/apache-superset@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.
0.1"}],"aliases":["CVE-2022-43721","GHSA-fcg4-pm6h-9xx2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyy9-mrk5-fbhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121536?format=json","vulnerability_id":"VCID-v735-muyq-h7hr","summary":"A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55672","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44316","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55672"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55672","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55672"},{"reference_url":"http://www.openwall.com/lists/oss-security/202
5/08/14/4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/4"},{"reference_url":"https://github.com/advisories/GHSA-fj97-2v9x-w5m4","reference_id":"GHSA-fj97-2v9x-w5m4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fj97-2v9x-w5m4"},{"reference_url":"https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj","reference_id":"rvh7fdjfzxzjhcfwoz7twc2brhvochdj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:52:16Z/"}],"url":"https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377635?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55672","GHSA-fj97-2v9x-w5m4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v735-muyq-h7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49457?format=json","vulnerability_id":"VCID-vafu-fk53-6yd4","summary":"Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with 
local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset: before 3.1.3 and version 4.0.0\n\nUsers are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34693","reference_id":"","reference_type":"","scores":[{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94122","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34693"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/20/1","reference_id":"1","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/20/1"},{"reference_url":"https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon","reference_id":"1803x1s34m7r71h1k0q1njol8k6f
myon","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/"}],"url":"https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34693","reference_id":"CVE-2024-34693","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34693"},{"reference_url":"https://github.com/advisories/GHSA-hcr7-cqwc-q5gq","reference_id":"GHSA-hcr7-cqwc-q5gq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcr7-cqwc-q5gq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32255?format=json","purl":"pkg:pypi/apache-superset@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"
VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/32254?format=json","purl":"pkg:pypi/apache-superset@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.1"}],"aliases":["CVE-2024-34693","GHSA-hcr7-cqwc-q5gq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vafu-fk53-6yd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162857?format=json","vulnerability_id":"VCID-w4pb-uqe1-27cv","summary":"Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. 
This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43719","reference_id":"","reference_type":"","scores":[{"value":"0.00456","scoring_system":"epss","scoring_elements":"0.64305","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43719"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43719","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43719"},{"reference_url":"https://github.com/advisories/GHSA-7222-r37x-8q3m","reference_id":"GHSA-7222-r37x-8q3m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7222-r37x-8q3m"},{"reference_url":"https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0","reference_id":"xc309h2dphrkg33154djf3nqlh2xc1c0","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-07T15:03:55Z/"}],"url":"https://lists.apache.org/thread/xc309h2dphrkg33154djf3nqlh2xc1c0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/392789?format=json","purl":"pkg:
pypi/apache-superset@1.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/392790?format=
json","purl":"pkg:pypi/apache-superset@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-jkea-eab6-rubm"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.0.1"}],"aliases"
:["CVE-2022-43719","GHSA-7222-r37x-8q3m"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4pb-uqe1-27cv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/143173?format=json","vulnerability_id":"VCID-wgd2-ud3v-gkdw","summary":"An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an authenticated user to query tables that they do not have proper access to within Superset. The vulnerability can be exploited by leveraging a SQL parsing vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32672","reference_id":"","reference_type":"","scores":[{"value":"0.00173","scoring_system":"epss","scoring_elements":"0.38488","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-32672"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32672","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-32672"},{"reference_url":"https://github.com/advisories/GHSA-95ch-p3gw-23qg","reference_id":"GHSA-95ch-p3gw-23qg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95ch-p3gw-23qg"},{"reference_url":"https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp","reference_id":"
ococ6nlj80f0okkwfwpjczy3q84j3wkp","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T15:46:32Z/"}],"url":"https://lists.apache.org/thread/ococ6nlj80f0okkwfwpjczy3q84j3wkp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/650113?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"res
ource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-32672","GHSA-95ch-p3gw-23qg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wgd2-ud3v-gkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210652?format=json","vulnerability_id":"VCID-xr3c-u3m4-tfeg","summa
ry":"Apache Superset OS Command Injection","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13948","reference_id":"","reference_type":"","scores":[{"value":"0.00732","scoring_system":"epss","scoring_elements":"0.73174","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13948"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/pull/11617#issuecomment-726204489","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/pull/11617#issuecomment-726204489"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2020-222.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2020-222.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r0e35c7c5672a6146b962840be5c1a7b7461c05a71cd7ecc62774d155@%3Cnotifications.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r0e35c7c5672a6146b962840be5c1a7b7461c
05a71cd7ecc62774d155@%3Cnotifications.superset.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4fc7115f6e63ac255c48fc68c0da592df55fe4be47cae6378d39ac22@%3Cnotifications.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4fc7115f6e63ac255c48fc68c0da592df55fe4be47cae6378d39ac22@%3Cnotifications.superset.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rdeee068ac1e0c43bd5b69830240f30598df15a2ef9f7998c7b29131e%40%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rdeee068ac1e0c43bd5b69830240f30598df15a2ef9f7998c7b29131e%40%3Cdev.superset.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13948","reference_id":"CVE-2020-13948","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13948"},{"reference_url":"https://github.com/advisories/GHSA-cj7g-h7rf-h8j9","reference_id":"GHSA-cj7g-h7rf-h8j9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cj7g-h7rf-h8j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/24158?format=json","purl":"pkg:pypi/apache-superset@0.37.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-c
pea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-4zgy-r2br-37hy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-7zqa-ny6m-kqfw"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-autt-zyf9-1uhd"},{"vulnerability":"VCID-bzq7-wbzu-yqas"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-n38n-w9e1-5ff6"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-u7nc-sr84-1qgy"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-f
k53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-yzk1-n3nz-kybb"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@0.37.1"}],"aliases":["BIT-superset-2020-13948","CVE-2020-13948","GHSA-cj7g-h7rf-h8j9","PYSEC-2020-222"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xr3c-u3m4-tfeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=json","vulnerability_id":"VCID-xsmf-gtwu-1kae","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. 
This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.\n\nThis issue affects Apache Superset: <4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue, or to add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53947","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53947"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53947","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L
/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53947"},{"reference_url":"https://github.com/advisories/GHSA-92qf-8gh3-gwcm","reference_id":"GHSA-92qf-8gh3-gwcm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-92qf-8gh3-gwcm"},{"reference_url":"https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn","reference_id":"hj3gfsjh67vqw12nlrshlsym4bkopjmn","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:05:04Z/"}],"url":"https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372313?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53947","GHSA-92qf-8gh3-gwcm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsmf-gtwu-1kae"},{"url":"http://public2.vulnerablec
ode.io/api/vulnerabilities/145658?format=json","vulnerability_id":"VCID-yyh5-z2zn-h7h7","summary":"Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config.\n\nAll superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and to encrypt sensitive information on the database.\nAdd a strong SECRET_KEY to your `superset_config.py` file like:\n\nSECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY>\n\nAlternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27524","reference_id":"","reference_type":"","scores":[{"value":"0.84026","scoring_system":"epss","scoring_elements":"0.99323","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-27524"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/b180319bbf08e876ea84963220ebebbfd0699e03"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-202
3-27524","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-27524"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27524","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-27524"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/24/2","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/04/24/2"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/04/24/2","reference_id":"2","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/04/24/2"},{"reference_url":"https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html","reference_id":"Apache-Superset-2.0.0-Authentication-Bypass.html","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/"}],"url":"https://packetstormsecurity.com/files/172522/Apache-Superset-2.0.0-Authentication-Bypass.html"},{"reference_url":"https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html","reference_id":"Apache-Superset-2.0.0-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L/E:H"},{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/"}],"url":"https://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51447.py","reference_id":"CVE-2023-27524","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/51447.py"},{"reference_url":"https://github.com/advisories/GHSA-5cx2-vq3h-x52c","reference_id":"GHSA-5cx2-vq3h-x52c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5cx2-vq3h-x52c"},{"reference_url":"https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk","reference_id":"n0ftx60sllf527j7g11kmt24wvof8xyk","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S
:C/C:H/I:H/A:L/E:H"},{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-03T16:30:35Z/"}],"url":"https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379603?format=json","purl":"pkg:pypi/apache-superset@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerabilit
y":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0"}],"aliases":["CVE-2023-27524","GHSA-5cx2-vq3h-x52c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyh5-z2zn-h7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129436?format=json","vulnerability_id":"VCID-yyqg-c3nw-nkdn","summary":"A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery\nattacks and query internal resources on behalf of the server where Superset\nis deployed. This vulnerability exists in Apache Superset versions up to and including 2.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25504","reference_id":"","reference_type":"","scores":[{"value":"0.00159","scoring_system":"epss","scoring_elements":"0.36538","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25504"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25504","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE
-2023-25504"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/18/8","reference_id":"8","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:07:39Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/18/8"},{"reference_url":"https://github.com/advisories/GHSA-fxjg-28fm-pfxh","reference_id":"GHSA-fxjg-28fm-pfxh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxjg-28fm-pfxh"},{"reference_url":"https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx","reference_id":"tdnzkocfsqg2sbbornnp9g492fn4zhtx","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-21T15:07:39Z/"}],"url":"https://lists.apache.org/thread/tdnzkocfsqg2sbbornnp9g492fn4zhtx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379603?format=json","purl":"pkg:pypi/apache-superset@2.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-58d
5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-annr-p6ed-wbaz"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.0"}],"aliases":["CVE-2023-25504","GHSA-fxjg-28fm-pfxh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yyqg-c3nw-nkdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/210552?format=json","vulnerability_id":"VCID-yzk1-n3nz-kybb","summary":"Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore 
page","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32609","reference_id":"","reference_type":"","scores":[{"value":"0.01309","scoring_system":"epss","scoring_elements":"0.80212","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-32609"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-377.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-superset/PYSEC-2021-377.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2c09254e98b4f8b3deb422762bd0e2aa6d743b72d96c2f90cbaae31a%40%3Cdev.superset.apache.org%3
E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32609","reference_id":"CVE-2021-32609","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32609"},{"reference_url":"https://github.com/advisories/GHSA-f8vc-f28w-x9c9","reference_id":"GHSA-f8vc-f28w-x9c9","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f8vc-f28w-x9c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23720?format=json","purl":"pkg:pypi/apache-superset@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-2npv-nu15-6uee"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-3aw6-59a3-eba8"},{"vulnerability":"VCID-3q94-rkzw-q7bb"},{"vulnerability":"VCID-3sh2-fv5f-jkh5"},{"vulnerability":"VCID-46y8-wuk7-hfad"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-4zgy-r2br-37hy"},{"vulnerability":"VCID-58d5-z1y6-qffj"},{"vulnerability":"VCID-5m3g-6uya-1fe3"},{"vulnerability":"VCID-6brk-rjs7-67he"},{"vulnerability":"VCID-7zqa-ny6m-kqfw"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vul
nerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-9wan-6z96-uudu"},{"vulnerability":"VCID-au4r-bwjy-rbdw"},{"vulnerability":"VCID-bzq7-wbzu-yqas"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-cmt6-zps1-1yaa"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-ew1h-9gne-ckda"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-ggry-wydz-j3az"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-hb6y-7ujs-bfe9"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tf8b-bq3r-2fhc"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-uyy9-mrk5-fbhd"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-w4pb-uqe1-27cv"},{"vulnerability":"VCID-wgd2-ud3v-gkdw"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-yyh5-z2zn-h7h7"},{"vulnerability":"VCID-yyqg-c3nw-nkdn"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@1.2.0"}],"aliases":["BIT-superset-2021-32609","CVE-2021-32609","GHSA-f8vc-f28w-x9c9","PYSEC-2021-377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzk1-n3nz-kybb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116858?format=json","vulnerability_id":"VCID-zvzt-19xv-6ubd","summary":"Incorrect Authorization vulnerability in Apache 
Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.\n\nThis issue affects Apache Superset: through 4.1.1.\n\nUsers are recommended to upgrade to version 4.1.2 or above, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27696","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23484","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27696"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27696","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27696"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/12/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/12/3"},{"reference_url":"https://github.com/advisories/GHSA-w6c7-j32f-rq8j","reference_id":"GHSA-w6c7-j32f-rq8j","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w6c7-j32f-rq8j"},{"reference_url":"https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413","reference_id":"k2od03bxnxs6vcp80sr03ywcxl194413","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T13:15:33Z/"}],"url":"https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39576?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.
io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2025-27696","GHSA-w6c7-j32f-rq8j"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvzt-19xv-6ubd"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@0.37.0"}