{"url":"http://public2.vulnerablecode.io/api/packages/650271?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc2","type":"pypi","namespace":"","name":"apache-superset","version":"2.1.1rc2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.0","latest_non_vulnerable_version":"6.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55518?format=json","vulnerability_id":"VCID-19em-abzu-5bd5","summary":"An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27315","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32284","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3228","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.321","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32302","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27315"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"gener
ic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27315","reference_id":"CVE-2024-27315","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27315"},{"reference_url":"https://github.com/advisories/GHSA-h7r6-8qmm-hj5r","reference_id":"GHSA-h7r6-8qmm-hj5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7r6-8qmm-hj5r"},{"reference_url":"https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z","reference_id":"qcwbx7q2s3ynsd405895bx3wcwq32j7z","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T16:03:10Z/"}],"url":"https://lists.apache.org/thread/qcwbx
7q2s3ynsd405895bx3wcwq32j7z"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1
"}],"aliases":["CVE-2024-27315","GHSA-h7r6-8qmm-hj5r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-19em-abzu-5bd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59435?format=json","vulnerability_id":"VCID-1gqt-cpea-b7ht","summary":"Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. \n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55633","reference_id":"","reference_type":"","scores":[{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77963","published_at":"2026-06-13T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77956","published_at":"2026-06-14T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77881","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.7795","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55633"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/v
uln/detail/CVE-2024-55633","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55633"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/12/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/12/1"},{"reference_url":"https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb","reference_id":"bwmd17fcvljt9q4cgctp4v09zh3qs7fb","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:27:53Z/"}],"url":"https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb"},{"reference_url":"https://github.com/advisories/GHSA-787v-v9vq-4rgv","reference_id":"GHSA-787v-v9vq-4rgv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-787v-v9vq-4rgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372313?format=json","purl":"pkg:pypi/apache-sup
erset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-55633","GHSA-787v-v9vq-4rgv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gqt-cpea-b7ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121409?format=json","vulnerability_id":"VCID-2bqf-unav-tbfs","summary":"Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. 
By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55675","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.49046","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.49033","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48892","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.49028","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55675"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55675","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55675"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scorin
g_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/6"},{"reference_url":"https://github.com/advisories/GHSA-mhpq-m962-mg92","reference_id":"GHSA-mhpq-m962-mg92","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhpq-m962-mg92"},{"reference_url":"https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33","reference_id":"op681b4kbd7g84tfjf9omz0sxggbcv33","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:47:53Z/"}],"url":"https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377635?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55675","GHSA-mhpq-m962-mg92"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2bqf-unav-tbfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66962?format=json","vulnerability_id":"VCID-35bq-93h8-qufg","summary":"Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. 
While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23969","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21453","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21624","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21637","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.2165","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23969"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/4"},{"reference_url":"https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd","reference_id":"2q22sp4oj3krcgdkxchhtht0vgwp2wnd","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scori
ng_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:03:24Z/"}],"url":"https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23969","reference_id":"CVE-2026-23969","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23969"},{"reference_url":"https://github.com/advisories/GHSA-48m2-v2r8-h23m","reference_id":"GHSA-48m2-v2r8-h23m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48m2-v2r8-h23m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39576?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2026-23969","GHSA-48m2-v2r8-h23m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35bq-93h8-qufg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356675?format=json","vulnerability_id":"VCID-4axb-e4nm-3fcy","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42502","reference_id":"","reference_type":"","scores":[{"value":"0.00099","
scoring_system":"epss","scoring_elements":"0.27068","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27271","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2729","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27272","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42502"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42502","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42502"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/3"},{"reference_url":"https://github.com/advisori
es/GHSA-hc74-9vjm-c9xv","reference_id":"GHSA-hc74-9vjm-c9xv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hc74-9vjm-c9xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31859?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42502","GHSA-hc74-9vjm-c9xv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4axb-e4nm-3fcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66895?format=json","vulnerability_id":"VCID-8bqq-wrc2-b3de","summary":"An Improper Authorization vulnerability 
exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23982","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13535","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13512","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13539","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23982"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/6","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/6"},{"reference_url":"https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp","reference_id":"9lvbzwkw4rxgdvbpfvnnnf
cll92v75fp","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:44:20Z/"}],"url":"https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23982","reference_id":"CVE-2026-23982","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23982"},{"reference_url":"https://github.com/advisories/GHSA-3m2g-v7jf-7fxc","reference_id":"GHSA-3m2g-v7jf-7fxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3m2g-v7jf-7fxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23982","GHSA-3m2g-v7jf-7fxc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bqq-wrc2-b3de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33743?format=json","vulnerability_id":"VCID-8qnw-zrab-y3ac","summary":"This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset.\n \nUncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.  
\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23952","reference_id":"","reference_type":"","scores":[{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80754","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80763","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80752","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80692","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23952"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/3","reference_id":"3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23952","reference_id":"CVE-2024-23952","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERA
TE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23952"},{"reference_url":"https://github.com/advisories/GHSA-v7q3-5rqm-x7m9","reference_id":"GHSA-v7q3-5rqm-x7m9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7q3-5rqm-x7m9"},{"reference_url":"https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx","reference_id":"zc58zvm4414molqn2m4d4vkrbrsxdksx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"}
,{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/31860?format=json","purl":"pkg:pypi/apache-superset@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.1"}],"aliases":["CVE-2024-23952","GHSA-v7q3-5rqm-x7m9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qnw-zrab-y3ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39948?format=json","vuln
erability_id":"VCID-8s2r-g7nq-9qcm","summary":"An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 3.1.2.\n\nUsers are recommended to upgrade to version 3.1.2 or above, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28148","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23713","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23895","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23909","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23918","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28148"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28148","reference_id":"CVE-2024-28148","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28148"},{"reference_url":"https://github.com/advisories/GHSA-299q-3p96-5898","reference_id":"GHSA-299q-3p96-5898","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-299q-3p96-5898"},{"reference_url":"https://lists.apache.org/thread/
n27wlbd05oc6bgjh28d5pxzsrrph8dgo","reference_id":"n27wlbd05oc6bgjh28d5pxzsrrph8dgo","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:25:54Z/"}],"url":"https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30933?format=json","purl":"pkg:pypi/apache-superset@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/32253?format=json","purl":"pkg:pypi/apache-superset@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID
-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.0"}],"aliases":["CVE-2024-28148","GHSA-299q-3p96-5898"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8s2r-g7nq-9qcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356676?format=json","vulnerability_id":"VCID-98eq-5ynn-2ba5","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42505","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13258","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13364","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1337","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13346","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42505"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"M
ODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42505","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42505"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/5"},{"reference_url":"https://github.com/advisories/GHSA-fgpw-4w69-j256","reference_id":"GHSA-fgpw-4w69-j256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fgpw-4w69-j256"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31859?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f
7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42505","GHSA-fgpw-4w69-j256"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98eq-5ynn-2ba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138837?format=json","vulnerability_id":"VCID-annr-p6ed-wbaz","summary":"If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend.\n\nThe Superset metadata db is an 'internal' component that is typically \nonly accessible directly by the system administrator and the superset \nprocess itself. Gaining access to that database should\n be difficult and require significant privileges.\n\nThis vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. 
Users are recommended to upgrade to version 2.1.1 or later.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37941","reference_id":"","reference_type":"","scores":[{"value":"0.84244","scoring_system":"epss","scoring_elements":"0.99332","published_at":"2026-06-11T12:55:00Z"},{"value":"0.84244","scoring_system":"epss","scoring_elements":"0.99334","published_at":"2026-06-14T12:55:00Z"},{"value":"0.84244","scoring_system":"epss","scoring_elements":"0.99335","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37941"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37941","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37941"},{"reference_url":"https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h","reference_id":"6qk1zscc06yogxxfgz2bh2bvz6vh9g7h","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T18:55:32Z/"}],"url":"https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h"},{"reference_url":"http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html","reference_id":"Apache-Superset-2.0.0-Remote-Code-Ex
ecution.html","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T18:55:32Z/"}],"url":"http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"},{"reference_url":"https://github.com/advisories/GHSA-fj4x-m62j-wvwg","reference_id":"GHSA-fj4x-m62j-wvwg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fj4x-m62j-wvwg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/379698?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fuze-h6b7-p7ej"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-meyp-4j5x-sfbt"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerab
ility":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-37941","GHSA-fj4x-m62j-wvwg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-annr-p6ed-wbaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135602?format=json","vulnerability_id":"VCID-c1du-my8w-3kc4","summary":"An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42504","reference_id":"","reference_type":"","scores":[{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52909","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52906","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52924","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52781","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42504"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42504","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cv
ssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42504"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/6","reference_id":"6","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/6"},{"reference_url":"https://github.com/advisories/GHSA-3hp7-4qq4-v5c6","reference_id":"GHSA-3hp7-4qq4-v5c6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3hp7-4qq4-v5c6"},{"reference_url":"https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l","reference_id":"yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/"}],"url":"https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31859?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cp
ea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8qnw-zrab-y3ac"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42504","GHSA-3hp7-4qq4-v5c6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c1du-my8w-3kc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44343?format=json","vulnerability_id":"VCID-czv8-b1v4-s3gv","summary":"Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). 
Allows for lower privilege users to use this API.\n\nThis issue affects Apache Superset: from 2.0.0 before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53949","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56828","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56703","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56838","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56824","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53949"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/7650c47e72f28559e91524f5d68d50c2060df4c7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/7650c47e72f28559e91524f5d68d50c2060df4c7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53949","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53949"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/09/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/09/4"},{"reference_url":"https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d","reference_id":"d3scbwmfpzbpm6npnzdw5y4owtqqyq8d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-09T15:01:51Z/"}],"url":"https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d"},{"reference_url":"https://github.com/advisories/GHSA-35fc-9hrj-3585","reference_id":"GHSA-35fc-9hrj-3585","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35fc-9hrj-3585"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372313?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerabil
ity":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53949","GHSA-35fc-9hrj-3585"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-czv8-b1v4-s3gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121655?format=json","vulnerability_id":"VCID-djyw-btmk-tyc1","summary":"When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.\n\nThis issue affects Apache Superset: before 4.1.3.\n\nUsers are recommended to upgrade to version 4.1.3, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55673","reference_id":"","reference_type":"","scores":[{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75893","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75887","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75808","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00881","scoring_system":"epss","scoring_elements":"0.75879","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55673"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55673","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55673"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/3"},{"reference_url":"https://github.com/advisories/GHSA-9g5x-mm39-wg9r","reference_id":"GHSA-9g5x-mm39-wg9r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https:/
/github.com/advisories/GHSA-9g5x-mm39-wg9r"},{"reference_url":"https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8","reference_id":"h2hw756wk4sj4z49blvzkr5fntl9hlf8","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T14:02:38Z/"}],"url":"https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377620?format=json","purl":"pkg:pypi/apache-superset@4.1.3.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.3.post1"}],"aliases":["CVE-2025-55673","GHSA-9g5x-mm39-wg9r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djyw-btmk-tyc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46704?format=json","vulnerability_id":"VCID-f3cr-98hh-qygb","summary":"An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. 
This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.\n\nThis issue affects Apache Superset: before 4.0.2.\n\nUsers are recommended to upgrade to version 4.0.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39887","reference_id":"","reference_type":"","scores":[{"value":"0.61396","scoring_system":"epss","scoring_elements":"0.98352","published_at":"2026-06-11T12:55:00Z"},{"value":"0.61396","scoring_system":"epss","scoring_elements":"0.98359","published_at":"2026-06-13T12:55:00Z"},{"value":"0.61396","scoring_system":"epss","scoring_elements":"0.98358","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39887"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/16/5","reference_id":"5","reference_type":"","
scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/16/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39887","reference_id":"CVE-2024-39887","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39887"},{"reference_url":"https://github.com/advisories/GHSA-2q6j-vpvr-6pvj","reference_id":"GHSA-2q6j-vpvr-6pvj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2q6j-vpvr-6pvj"},{"reference_url":"https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz","reference_id":"j55vm41jg3l0x6w49zrmvbf3k0ts5fqz","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/"}],"url":"https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz"}],"fixed_packages":[{"url":"http://public2.vu
lnerablecode.io/api/packages/32665?format=json","purl":"pkg:pypi/apache-superset@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.2"}],"aliases":["CVE-2024-39887","GHSA-2q6j-vpvr-6pvj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3cr-98hh-qygb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135563?format=json","vulnerability_id":"VCID-fuze-h6b7-p7ej","summary":"Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.\nThis issue affects Apache Superset: before 2.1.2.\nUsers should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned 
resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42501","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27605","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27615","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.2763","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27402","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42501"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42501","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42501"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/27/3","reference_id":"3","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/27/3"},{"reference_url":"https://github.com/advisories/GHSA-vv65-fjfj-4736","reference_id":"GHSA-vv65-fjfj-4736","reference_type":"","scores":[{"value":"MODERA
TE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv65-fjfj-4736"},{"reference_url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh","reference_id":"vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/"}],"url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19x
v-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"}],"aliases":["CVE-2023-42501","GHSA-vv65-fjfj-4736"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fuze-h6b7-p7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61980?format=json","vulnerability_id":"VCID-fw5g-fb97-5qgv","summary":"A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24772","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.69333","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.69342","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.6924","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.69345","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24772"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_
system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24772","reference_id":"CVE-2024-24772","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24772"},{"reference_url":"https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5","reference_id":"gfl3ckwy6y9tpz9jmpv62orh2q346sn5","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T17:55:04Z/"}],"url":"https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5"},{"reference_url":"https://github.com/advisories/GHSA-m6jm-3v38-76j4","reference_id":"GHSA-m6jm-3v38-76j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6jm-3v38-76j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-8
1j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24772","GHSA-m6jm-3v38-76j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fw5g-fb97-5qgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41369?format=json","vulnerability_id":"VCID-h8px-dtx8-7ucd","summary":"A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. 
However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26016","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48443","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48585","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48599","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48581","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26016"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/7","reference_id":"7","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/7"},{"reference_url":"https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s","reference_id":"76v1jjcylgk4p3m0258qr359ook3vl8s","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.
1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/"}],"url":"https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26016","reference_id":"CVE-2024-26016","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26016"},{"reference_url":"https://github.com/advisories/GHSA-3v9r-885j-762g","reference_id":"GHSA-3v9r-885j-762g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3v9r-885j-762g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://p
ublic2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-26016","GHSA-3v9r-885j-762g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h8px-dtx8-7ucd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357681?format=json","vulnerability_id":"VCID-jbtq-unbj-nyez","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49736","reference_id":"","reference_type":"","scores":[{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66233","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66328","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66341","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66339","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49736"},{"reference_url":"https://github.com/apache/superset","r
eference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751"},{"reference_url":"https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d"},{"reference_url":"https://github.com/apache/superset/pull/25779","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/pull/25779"},{"reference_url":"https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49736","reference_id":"","reference_type":"","s
cores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49736"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/2"},{"reference_url":"https://github.com/advisories/GHSA-jfxj-xf67-x723","reference_id":"GHSA-jfxj-xf67-x723","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfxj-xf67-x723"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380149?format=json","purl":"pkg:pypi/apache-superset@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1
kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/380150?format=json","purl":"pkg:pypi/apache-superset@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2"}],"aliases":["CVE-2023-49736","GHSA-jfxj-xf67-x723"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbtq-unbj-nyez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/356796?format=json","vulnerability_id":"VCID-meyp-4j5x-sfbt","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43701","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47068","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00237"
,"scoring_system":"epss","scoring_elements":"0.47209","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47223","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47205","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43701"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43701","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43701"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/11/27/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/11/27/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/27/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_syst
em":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/27/4"},{"reference_url":"https://github.com/advisories/GHSA-wq8q-99p5-xfrw","reference_id":"GHSA-wq8q-99p5-xfrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq8q-99p5-xfrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"}],"aliases":["CVE-2023-43701","GHSA-wq8q-99p5-xfrw"],"risk_score":3.1
,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-meyp-4j5x-sfbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121675?format=json","vulnerability_id":"VCID-mjty-hv8c-mbck","summary":"A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55674","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.5972","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.5971","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59599","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59708","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55674"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55674","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/
SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55674"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/5"},{"reference_url":"https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo","reference_id":"cn49ps15ny3g2b1qzdg5mj7hp47p5jdo","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:49:40Z/"}],"url":"https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo"},{"reference_url":"https://github.com/advisories/GHSA-fxgf-3xh6-m2pp","reference_id":"GHSA-fxgf-3xh6-m2pp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxgf-3xh6-m2pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377635?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55674","GHSA-fxgf-3xh6-m2pp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities
/VCID-mjty-hv8c-mbck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44491?format=json","vulnerability_id":"VCID-mwbp-vuvw-mua1","summary":"Generation of Error Message Containing analytics metadata Information in Apache Superset.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53948","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.3865","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38466","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38661","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38639","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53948"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/ac3a1
0d8f192520580b8ce545cf418dc7928d27c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53948","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53948"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/09/3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/09/3"},{"reference_url":"https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf","reference_id":"8howpf3png0wrgpls46ggk441oczlfvf","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:04:23Z/"}],"url":"https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf"},{"reference_url":"https://github.com/advisories/GHSA-2cx9-54hp-r698","reference_id":"GHSA-2cx9-54hp-r698","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2cx9-54hp-r698"}],"fixed_packages":[{"url":
"http://public2.vulnerablecode.io/api/packages/372313?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53948","GHSA-2cx9-54hp-r698"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwbp-vuvw-mua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/118233?format=json","vulnerability_id":"VCID-pvr6-v3ds-sqcr","summary":"An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. 
This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48912","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56887","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56876","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56751","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56872","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48912"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48912","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48912"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/30/3","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/30/3
"},{"reference_url":"https://github.com/advisories/GHSA-8w7f-8pr9-xgwj","reference_id":"GHSA-8w7f-8pr9-xgwj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w7f-8pr9-xgwj"},{"reference_url":"https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135","reference_id":"ms2t2oq218hb7l628trsogo4fj7h1135","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T12:55:47Z/"}],"url":"https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39576?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2025-48912","GHSA-8w7f-8pr9-xgwj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pvr6-v3ds-sqcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/133132?format=json","vulnerability_id":"VCID-q2f7-jq7w-vkc5","summary":"A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. 
An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.\n\nFor 2.X versions, users should change their config to include:\n\nTALISMAN_CONFIG = {\n    \"content_security_policy\": {\n        \"base-uri\": [\"'self'\"],\n        \"default-src\": [\"'self'\"],\n        \"img-src\": [\"'self'\", \"blob:\", \"data:\"],\n        \"worker-src\": [\"'self'\", \"blob:\"],\n        \"connect-src\": [\n            \"'self'\",\n            \"https://api.mapbox.com\",\n            \"https://events.mapbox.com\",\n        ],\n        \"object-src\": \"'none'\",\n        \"style-src\": [\n            \"'self'\",\n            \"'unsafe-inline'\",\n        ],\n        \"script-src\": [\"'self'\", \"'strict-dynamic'\"],\n    },\n    \"content_security_policy_nonce_in\": [\"script-src\"],\n    \"force_https\": False,\n    \"session_cookie_secure\": 
False,\n}","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49657","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61191","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61081","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61195","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61187","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49657"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/23/5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/01/23/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49657","reference_id":"CVE-2023-49657","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49657"},{"reference_url":"https://github.com/advisories/GHSA-rwhh-6x83-84v6","reference_id":"GHSA-rwhh-6x83-84v6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwhh-6
x83-84v6"},{"reference_url":"https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx","reference_id":"wjyvz8om9nwd396lh0bt156mtwjxpsvx","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:03:28Z/"}],"url":"https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28540?format=json","purl":"pkg:pypi/apache-superset@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.3"}],"aliases":["CVE-2023-49657","GHSA-rwhh-6x83-84v6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q2f7-jq7w-vkc5"},{"url":"http://public2.vulnerablecode.io/
api/vulnerabilities/61646?format=json","vulnerability_id":"VCID-rkx2-ky5w-myce","summary":"Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24773","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35496","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35502","published_at":"2026-06-14T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35518","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35318","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24773"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/4","reference_id":"4","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24773","reference_id":"CVE-2024-24773","reference_type":"","scores":[{"value":"4.9","scoring_sys
tem":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24773"},{"reference_url":"https://github.com/advisories/GHSA-5474-f7g5-273q","reference_id":"GHSA-5474-f7g5-273q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5474-f7g5-273q"},{"reference_url":"https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501","reference_id":"h66fy6nj41cfx07zh7l552w6dmtjh501","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/"}],"url":"https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/p
kg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24773","GHSA-5474-f7g5-273q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rkx2-ky5w-myce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132563?format=json","vulnerability_id":"VCID-s7bz-64kr-9yfs","summary":"Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.  
\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46104","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69723","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69825","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69828","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69813","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46104"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154"},{"reference_url":"https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3"},{"reference_url":"https://nvd.nist.gov/vuln/detail
/CVE-2023-46104","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46104"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/1","reference_id":"1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/3","reference_id":"3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/3"},{"reference_url":"https://github.com/advisories/GHSA-95mg-jgfx-54v9","reference_id":"GHSA-95mg-jgfx-54v9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring
_elements":""}],"url":"https://github.com/advisories/GHSA-95mg-jgfx-54v9"},{"reference_url":"https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl","reference_id":"yxbxg4wryb7cb7wyybk11l5nqy0rsrvl","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31858?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-4axb-e4nm-3fcy"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-98eq-5ynn-2ba5"},{"vulnerability":"VCID-c1du-my8w-3kc4"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-jbtq-unbj-nyez"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-ss9d-ku99-b3gf"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vu
lnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/380328?format=json","purl":"pkg:pypi/apache-superset@3.1.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.0rc1"}],"aliases":["CVE-2023-46104","GHSA-95mg-jgfx-54v9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7bz-64kr-9yfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/357680?format=json","vulnerability_id":"VCID-ss9d-ku99-b3gf","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49734","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33845","published_at":"2026-06-11T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34022","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34045","published_at":"2026-06-13T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.34024","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?
cve=CVE-2023-49734"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6"},{"reference_url":"https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0"},{"reference_url":"https://github.com/apache/superset/pull/25843","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/pull/25843"},{"reference_url":"https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5"},{"reference_url":"https://nvd.nist.gov/vuln/detail
/CVE-2023-49734","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49734"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/3","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/3"},{"reference_url":"https://github.com/advisories/GHSA-g49j-j489-3xpf","reference_id":"GHSA-g49j-j489-3xpf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g49j-j489-3xpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/380149?format=json","purl":"pkg:pypi/apache-superset@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-f
k53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/380150?format=json","purl":"pkg:pypi/apache-superset@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-19em-abzu-5bd5"},{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-fw5g-fb97-5qgv"},{"vulnerability":"VCID-h8px-dtx8-7ucd"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-q2f7-jq7w-vkc5"},{"vulnerability":"VCID-rkx2-ky5w-myce"},{"vulnerability":"VCID-s7bz-64kr-9yfs"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-uxws-xum3-efgv"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2"}],"aliases":["CVE-2023-49734","GHSA-g49j-j489-3xpf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ss9d-ku99-b3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66654?format=json","vulnerability_id":"VCID-tvfr-mp56-b7f4","summary":"Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression 
or where parameters.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23980","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12784","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.1287","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12879","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12889","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23980"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23980","reference_id":"CVE-2026-23980","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23980"},{"reference_url":"https://github.com/advisories/GHSA-gvxg-9hqx-f4rg"
,"reference_id":"GHSA-gvxg-9hqx-f4rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvxg-9hqx-f4rg"},{"reference_url":"https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4","reference_id":"h4l02zw1pr2vywv0dc5zjn3grdcdhwf4","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:05:27Z/"}],"url":"https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23980","GHSA-gvxg-9hqx-f4rg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tvfr-mp56-b7f4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66947?format=json","vulnerability_id":"VCID-ubwg-81j2-8yhd","summary":"An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection.\nWhile the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23984","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12856","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12943","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12952","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12963","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23984"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/8","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/8"},{"reference_url":"https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26","reference_id":"72cmgxtvp9pclto4ln1chbs1227nwd26","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:51:19Z/"}],"url":"https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26"},{"reference_url":"https://nvd.nist.gov/vuln/detail/
CVE-2026-23984","reference_id":"CVE-2026-23984","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23984"},{"reference_url":"https://github.com/advisories/GHSA-mwf2-qr4v-94h2","reference_id":"GHSA-mwf2-qr4v-94h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwf2-qr4v-94h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23984","GHSA-mwf2-qr4v-94h2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ubwg-81j2-8yhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66960?format=json","vulnerability_id":"VCID-us7y-vvzr-2fea","summary":"A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag.\nWhen these associated objects include Users, the API response improperly serializes and returns sensitive fields, including password hashes (pbkdf2), email addresses, and login statistics. 
This vulnerability allows authenticated users with low privileges (e.g., Gamma role) to view sensitive authentication data.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue, or to make sure TAGGING_SYSTEM is False (the current Apache Superset default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23983","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17696","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17688","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17536","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17713","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23983"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/7","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/7"},{"reference_url":"https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww","reference_id":"62mgbc5hc8026skp69kb6vqozj3pr5ww","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"val
ue":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:46:54Z/"}],"url":"https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23983","reference_id":"CVE-2026-23983","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23983"},{"reference_url":"https://github.com/advisories/GHSA-h294-8fxm-m2pj","reference_id":"GHSA-h294-8fxm-m2pj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h294-8fxm-m2pj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39575?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23983","GHSA-h294-8fxm-m2pj"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-us7y-vvzr-2fea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61796?format=json","vulnerability_id":"VCID-uxws-xum3-efgv","summary":"Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. 
These users could then use those virtual datasets to get access to unauthorized data.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24779","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32612","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.3261","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32633","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32432","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24779"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/6","reference_id":"6","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24779","reference_id":"CVE-2024-24779","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3
.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24779"},{"reference_url":"https://github.com/advisories/GHSA-wr6g-9wcr-cmqj","reference_id":"GHSA-wr6g-9wcr-cmqj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr6g-9wcr-cmqj"},{"reference_url":"https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq","reference_id":"xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/"}],"url":"https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29411?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vu
lnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/29413?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-8s2r-g7nq-9qcm"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-vafu-fk53-6yd4"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24779","GHSA-wr6g-9wcr-cmqj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxws-xum3-efgv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/121536?format=json","vulnerability_id":"VCID-v735-muyq-h7hr","summary":"A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. 
The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55672","reference_id":"","reference_type":"","scores":[{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44475","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44316","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44469","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00217","scoring_system":"epss","scoring_elements":"0.44488","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55672"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55672","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55672"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/4"},{"reference_url":"https://github.com/advisories/GHSA-fj97-2v9x-w5m4","reference_id":"GHSA-fj97-2v9x-w5m4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fj97-2v9x-w5m4"},{"reference_url":"https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj","reference_id":"rvh7fdjfzxzjhcfwoz7twc2brhvochdj","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:52:16Z/"}],"url":"https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/377635?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55672","GHSA-fj97-2v9x-w5m4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v735-muyq-h7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49457?format=json","vulnerability_id":"VCID-vafu-fk53-6yd4","summary":"Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. 
If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content into a MariaDB database table. This issue affects Apache Superset: before 3.1.3 and version 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.1 or 3.1.3, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34693","reference_id":"","reference_type":"","scores":[{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94122","published_at":"2026-06-11T12:55:00Z"},{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.9415","published_at":"2026-06-14T12:55:00Z"},{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94148","published_at":"2026-06-13T12:55:00Z"},{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94143","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34693"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/20/1","reference_id":"1","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"va
lue":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/20/1"},{"reference_url":"https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon","reference_id":"1803x1s34m7r71h1k0q1njol8k6fmyon","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/"}],"url":"https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34693","reference_id":"CVE-2024-34693","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34693"},{"reference_url":"https://github.com/advisories/GHSA-hcr7-cqwc-q5gq","reference_id":"GHSA-hcr7-cqwc-q5gq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcr7-cqwc-q5gq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32255?format=json","purl":"pkg:pypi/apache-superset@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-
b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/32254?format=json","purl":"pkg:pypi/apache-superset@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gqt-cpea-b7ht"},{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-czv8-b1v4-s3gv"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-f3cr-98hh-qygb"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-mwbp-vuvw-mua1"},{"vulnerability":"VCID-pvr6-v3ds-sqcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-xsmf-gtwu-1kae"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.1"}],"aliases":["CVE-2024-34693","GHSA-hcr7-cqwc-q5gq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vafu-fk53-6yd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44744?format=json","vulnerability_id":"VCID-xsmf-gtwu-1kae","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. 
Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.\n\nThis issue affects Apache Superset: <4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue, or to add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53947","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61214","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61219","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61108","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61223","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53947"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"
value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53947","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53947"},{"reference_url":"https://github.com/advisories/GHSA-92qf-8gh3-gwcm","reference_id":"GHSA-92qf-8gh3-gwcm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92qf-8gh3-gwcm"},{"reference_url":"https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn","reference_id":"hj3gfsjh67vqw12nlrshlsym4bkopjmn","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:05:04Z/"}],"url":"https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372313?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-35bq-93h8-qufg"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-pvr6-v3ds-s
qcr"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"},{"vulnerability":"VCID-zvzt-19xv-6ubd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53947","GHSA-92qf-8gh3-gwcm"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xsmf-gtwu-1kae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116858?format=json","vulnerability_id":"VCID-zvzt-19xv-6ubd","summary":"Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.\n\nThis issue affects Apache Superset: through 4.1.1.\n\nUsers are recommended to upgrade to version 4.1.2 or above, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27696","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23681","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23671","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23484","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2369","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27696"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],
"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27696","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27696"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/12/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/12/3"},{"reference_url":"https://github.com/advisories/GHSA-w6c7-j32f-rq8j","reference_id":"GHSA-w6c7-j32f-rq8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6c7-j32f-rq8j"},{"reference_url":"https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413","reference_id":"k2od03bxnxs6vcp80sr03ywcxl194413","r
eference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T13:15:33Z/"}],"url":"https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/39576?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2bqf-unav-tbfs"},{"vulnerability":"VCID-8bqq-wrc2-b3de"},{"vulnerability":"VCID-djyw-btmk-tyc1"},{"vulnerability":"VCID-mjty-hv8c-mbck"},{"vulnerability":"VCID-tvfr-mp56-b7f4"},{"vulnerability":"VCID-ubwg-81j2-8yhd"},{"vulnerability":"VCID-us7y-vvzr-2fea"},{"vulnerability":"VCID-v735-muyq-h7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2025-27696","GHSA-w6c7-j32f-rq8j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zvzt-19xv-6ubd"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc2"}