{"url":"http://public2.vulnerablecode.io/api/packages/673055?format=json","purl":"pkg:pypi/apache-superset@2.1.1rc3","type":"pypi","namespace":"","name":"apache-superset","version":"2.1.1rc3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"6.0.0","latest_non_vulnerable_version":"6.0.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56324?format=json","vulnerability_id":"VCID-2gr1-bbms-4qcv","summary":"Apache Superset: Error verbosity exposes metadata in analytics databases\nGeneration of Error Message Containing analytics metadata Information in Apache Superset.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53948","reference_id":"","reference_type":"","scores":[{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38459","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38416","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38405","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38434","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00172","scoring_system":"epss","scoring_elements":"0.38462","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53948"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"refe
rence_url":"https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/ac3a10d8f192520580b8ce545cf418dc7928d27c"},{"reference_url":"https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:04:23Z/"}],"url":"https://lists.apache.org/thread/8howpf3png0wrgpls46ggk441oczlfvf"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/09/3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/09/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53948","reference_id":"CVE-2024-53948","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CV
SS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53948"},{"reference_url":"https://github.com/advisories/GHSA-2cx9-54hp-r698","reference_id":"GHSA-2cx9-54hp-r698","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2cx9-54hp-r698"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83473?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53948","GHSA-2cx9-54hp-r698"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2gr1-bbms-4qcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57377?format=json","vulnerability_id":"VCID-35st-tkb8-hkfu","summary":"Apache Superset: Improper authorization bypass on row level security via SQL Injection\nAn authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into 'sqlExpression' fields. 
This allowed the execution of sub-queries to evade parsing defenses ultimately granting unauthorized access to data.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48912","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56677","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56688","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5668","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56682","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56662","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-48912"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T12:55:47Z/"}],"url":"https://lists.apache.org/thread/ms2t2oq218hb7l628trsogo4fj7h1135"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/30/3","reference_id":"","reference_type":"","scores":[
{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/30/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48912","reference_id":"CVE-2025-48912","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-48912"},{"reference_url":"https://github.com/advisories/GHSA-8w7f-8pr9-xgwj","reference_id":"GHSA-8w7f-8pr9-xgwj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8w7f-8pr9-xgwj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74210?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2025-48912","GHSA-8w7f-8pr9-xgwj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-35st-tkb8-hkfu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46875?format=json","vulnerability_id":"VCID-4dwf-75bu-pkas","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA stored cross-site scripting (XSS) vulnerability exists in 
Apache Superset before 3.0.3. An authenticated attacker with create/update permissions on charts or dashboards could store a script or add a specific HTML snippet that would act as a stored XSS.\n\nFor 2.X versions, users should change their config to include:\n\nTALISMAN_CONFIG = {\n    \"content_security_policy\": {\n        \"base-uri\": [\"'self'\"],\n        \"default-src\": [\"'self'\"],\n        \"img-src\": [\"'self'\", \"blob:\", \"data:\"],\n        \"worker-src\": [\"'self'\", \"blob:\"],\n        \"connect-src\": [\n            \"'self'\",\n            \"https://api.mapbox.com\",\n            \"https://events.mapbox.com\",\n        ],\n        \"object-src\": \"'none'\",\n        \"style-src\": [\n            \"'self'\",\n            \"'unsafe-inline'\",\n        ],\n        \"script-src\": [\"'self'\", \"'strict-dynamic'\"],\n    },\n    \"content_security_policy_nonce_in\": [\"script-src\"],\n    \"force_https\": False,\n    \"session_cookie_secure\": 
False,\n}","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49657","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61022","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61013","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60994","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61011","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61015","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49657"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-23T16:03:28Z/"}],"url":"https://lists.apache.org/thread/wjyvz8om9nwd396lh0bt156mtwjxpsvx"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/23/5","reference_id":"","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/01/23/5"},{"refere
nce_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49657","reference_id":"CVE-2023-49657","reference_type":"","scores":[{"value":"9.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49657"},{"reference_url":"https://github.com/advisories/GHSA-rwhh-6x83-84v6","reference_id":"GHSA-rwhh-6x83-84v6","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rwhh-6x83-84v6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68581?format=json","purl":"pkg:pypi/apache-superset@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.3"}],"aliases":["CVE-2023-49657","GHSA-rwhh-6x83-84v6"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/
vulnerabilities/VCID-4dwf-75bu-pkas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55396?format=json","vulnerability_id":"VCID-4pqk-ftt6-dqd8","summary":"Apache Superset server arbitrary file read\nImproper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the attacker to execute a specific MySQL/MariaDB SQL command that is able to read files from the server and insert their content on a MariaDB database table. This issue affects Apache Superset before version 3.1.3 and in version 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.1 or 3.1.3, both of which fix the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34693","reference_id":"","reference_type":"","scores":[{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94101","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94107","published_at":"2026-06-09T12:55:00Z"},{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94103","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12622","scoring_system":"epss","scoring_elements":"0.94102","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-34693"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/1803x
1s34m7r71h1k0q1njol8k6fmyon","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/"}],"url":"https://lists.apache.org/thread/1803x1s34m7r71h1k0q1njol8k6fmyon"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/20/1","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-20T12:55:23Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/20/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34693","reference_id":"CVE-2024-34693","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34693"},{"reference_url":"https://github.com/advisories/GHSA-hcr7-cqwc-q5gq","reference_id":"GHSA-hcr7-cqwc-q5gq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hcr7-cqwc-q5gq"}],"fixed_packages"
:[{"url":"http://public2.vulnerablecode.io/api/packages/81902?format=json","purl":"pkg:pypi/apache-superset@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/81903?format=json","purl":"pkg:pypi/apache-superset@4.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.1"}],"aliases":["CVE-2024-34693","GHSA-hcr7-cqwc-q5gq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4pqk-ftt6-dqd8"}
,{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46499?format=json","vulnerability_id":"VCID-57hs-r8v7-jfhb","summary":"URL Redirection to Untrusted Site ('Open Redirect')\nAn authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset versions before 3.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42502","reference_id":"","reference_type":"","scores":[{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25621","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25567","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0009","scoring_system":"epss","scoring_elements":"0.25612","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27025","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27033","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42502"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/n8348f194d8o8mln3oxd0s8jdl5bxbmn"},{"reference_url":"http://www.openwall.com/lists/oss-se
curity/2023/11/28/3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42502","reference_id":"CVE-2023-42502","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42502"},{"reference_url":"https://github.com/advisories/GHSA-hc74-9vjm-c9xv","reference_id":"GHSA-hc74-9vjm-c9xv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hc74-9vjm-c9xv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67928?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-8rft-nf84-bqew"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fu1t-pdeb-t7er"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulner
ability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42502","GHSA-hc74-9vjm-c9xv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57hs-r8v7-jfhb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46478?format=json","vulnerability_id":"VCID-5s4g-pb63-3ucg","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nImproper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API endpoint. This issue affects Apache Superset versions prior to 2.1.2. 
\nUsers are recommended to upgrade to version 2.1.2, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43701","reference_id":"","reference_type":"","scores":[{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.46996","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47026","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47043","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.47007","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00237","scoring_system":"epss","scoring_elements":"0.4704","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-43701"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/4dnr1knk50fw60jxkjgqj228f0xcc892"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/11/27/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/11/27/4"},{"reference_url":"http://www.openwall.com/lists/oss-security
/2023/11/27/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/27/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43701","reference_id":"CVE-2023-43701","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-43701"},{"reference_url":"https://github.com/advisories/GHSA-wq8q-99p5-xfrw","reference_id":"GHSA-wq8q-99p5-xfrw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wq8q-99p5-xfrw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67865?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-57hs-r8v7-jfhb"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-a6k1-hw62-93hd"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerabilit
y":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"},{"vulnerability":"VCID-zarx-zjca-wuag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"}],"aliases":["CVE-2023-43701","GHSA-wq8q-99p5-xfrw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5s4g-pb63-3ucg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46487?format=json","vulnerability_id":"VCID-6s5d-gpyj-5ycf","summary":"Apache Superset has Incorrect Default Permissions\nUnnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.\nThis issue affects Apache Superset: before 2.1.2.\nUsers should upgrade to version or above 2.1.2 and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned 
resources.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42501","reference_id":"","reference_type":"","scores":[{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27364","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27414","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27453","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27371","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00101","scoring_system":"epss","scoring_elements":"0.27504","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42501"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/"}],"url":"https://lists.apache.org/thread/vk1rmrh9kz0chjmc9tk7o3md6zpz4ygh"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/27/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A
:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T19:01:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/27/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42501","reference_id":"CVE-2023-42501","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42501"},{"reference_url":"https://github.com/advisories/GHSA-vv65-fjfj-4736","reference_id":"GHSA-vv65-fjfj-4736","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vv65-fjfj-4736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67865?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-57hs-r8v7-jfhb"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-a6k1-hw62-93hd"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"
VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"},{"vulnerability":"VCID-zarx-zjca-wuag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"}],"aliases":["CVE-2023-42501","GHSA-vv65-fjfj-4736"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6s5d-gpyj-5ycf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57839?format=json","vulnerability_id":"VCID-8mj1-r3na-zbdx","summary":"Apache Superset data query improperly discloses database schema information to low-privileged guest user\nWhen a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its payload. This field contains the underlying query, which improperly discloses database schema information, such as table names, to the low-privileged guest user.\n\nThis issue affects Apache Superset: before 4.1.3.\n\nUsers are recommended to upgrade to version 4.1.3, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55673","reference_id":"","reference_type":"","scores":[{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56137","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56149","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5614","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.56143","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00329","scoring_system":"epss","scoring_elements":"0.5612","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55673"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T14:02:38Z/"}],"url":"https://lists.apache.org/thread/h2hw756wk4sj4z49blvzkr5fntl9hlf8"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/3","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.
com/lists/oss-security/2025/08/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55673","reference_id":"CVE-2025-55673","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55673"},{"reference_url":"https://github.com/advisories/GHSA-9g5x-mm39-wg9r","reference_id":"GHSA-9g5x-mm39-wg9r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9g5x-mm39-wg9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86078?format=json","purl":"pkg:pypi/apache-superset@4.1.3.post1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.3.post1"}],"aliases":["CVE-2025-55673","GHSA-9g5x-mm39-wg9r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8mj1-r3na-zbdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46702?format=json","vulnerability_id":"VCID-8rft-nf84-bqew","summary":"Apache Superset uncontrolled resource consumption\nUncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import databases, dashboards or datasets.\nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 
3.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46104","reference_id":"","reference_type":"","scores":[{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69656","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69665","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69645","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69666","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00592","scoring_system":"epss","scoring_elements":"0.69658","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46104"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/7c23cb0b3fd224c320b35f05e74b572033569154"},{"reference_url":"https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/f473d13d0d89de5990209ff81b17dfe2cee884d3"},{"reference_url":"https://lists.apache.or
g/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"https://lists.apache.org/thread/yxbxg4wryb7cb7wyybk11l5nqy0rsrvl"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:37:09Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/3"},{"reference_url":"https://nvd.nist.
gov/vuln/detail/CVE-2023-46104","reference_id":"CVE-2023-46104","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46104"},{"reference_url":"https://github.com/advisories/GHSA-95mg-jgfx-54v9","reference_id":"GHSA-95mg-jgfx-54v9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-95mg-jgfx-54v9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67865?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-57hs-r8v7-jfhb"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-a6k1-hw62-93hd"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"},{"vulnerability":"VCID-zarx-zjca-wuag"}],"resource_url":"http://public2.vulnerablecode
.io/packages/pkg:pypi/apache-superset@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/68283?format=json","purl":"pkg:pypi/apache-superset@3.1.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.0rc1"}],"aliases":["CVE-2023-46104","GHSA-95mg-jgfx-54v9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8rft-nf84-bqew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54755?format=json","vulnerability_id":"VCID-9dnd-981v-nyg1","summary":"Apache Superset Incorrect Authorization vulnerability\nAn authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. 
This issue affects Apache Superset before 4.0.0.\n\nUsers are recommended to upgrade to version 4.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28148","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23684","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23784","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.238","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.2369","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23738","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-28148"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-09T18:25:54Z/"}],"url":"https://lists.apache.org/thread/n27wlbd05oc6bgjh28d5pxzsrrph8dgo"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28148","reference_id":"CVE-2024-28148","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"
generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-28148"},{"reference_url":"https://github.com/advisories/GHSA-299q-3p96-5898","reference_id":"GHSA-299q-3p96-5898","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-299q-3p96-5898"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/109808?format=json","purl":"pkg:pypi/apache-superset@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/81207?format=json","purl":"pkg:pypi/apache-superset@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3
k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.0"}],"aliases":["CVE-2024-28148","GHSA-299q-3p96-5898"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9dnd-981v-nyg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46705?format=json","vulnerability_id":"VCID-9sjc-bhv6-33dk","summary":"Apache Superset incorrect write permissions vulnerability\nAn authenticated Gamma user has the ability to create a dashboard and add charts to it; this user would automatically become one of the owners of the charts, allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.3, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 3.0.2 or 2.1.3, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49734","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33814","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33806","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33781","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33848","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33833","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49734"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/5198279a2ba41ab3e89bd9d7750694179d3f9fe6"},{"reference_url":"https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/cb6de0a9c9f505ee3f26e79ca9bfa5f3901528a0"},{"reference_url":"https://github.com/apache/superset/pull/
25843","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/pull/25843"},{"reference_url":"https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/985h6ltvtbvdoysso780kkj7x744cds5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/3","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49734","reference_id":"CVE-2023-49734","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49734"},{"reference_url":"https://github.com/advisories/GHSA-g49j-j489-3xpf","reference_id":"GHSA-g49j-j489-3xpf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g49j-j489-3xpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68290?format=json","purl":"pkg:pypi/apache-superset@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},
{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/68291?format=json","purl":"pkg:pypi/apache-superset@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-8rft-nf84-bqew"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-
wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2"}],"aliases":["CVE-2023-49734","GHSA-g49j-j489-3xpf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9sjc-bhv6-33dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46500?format=json","vulnerability_id":"VCID-a6k1-hw62-93hd","summary":"Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability\nAn authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.\n\nThis issue affects Apache Superset before 3.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42505","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13147","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13223","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13262","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13178","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13259","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42505"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y"
,"reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/bd0fhtfzrtgo1q8x35tpm8ms144d1t2y"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42505","reference_id":"CVE-2023-42505","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42505"},{"reference_url":"https://github.com/advisories/GHSA-fgpw-4w69-j256","reference_id":"GHSA-fgpw-4w69-j256","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fgpw-4w69-j256"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67928?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-8rft-nf84-bqew"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"
vulnerability":"VCID-fu1t-pdeb-t7er"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42505","GHSA-fgpw-4w69-j256"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a6k1-hw62-93hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57286?format=json","vulnerability_id":"VCID-bzqd-gxbh-4kh5","summary":"Apache Superset Allows Ownership Takeover\nImproper Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users with read permissions.\n\nThis issue affects Apache Superset: through 4.1.1.\n\nUsers are recommended to upgrade to version 4.1.2 or above, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27696","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23557","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23445","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2344","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23495","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23541","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27696"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/fc844d3dfdace890b32c00a507a959b81122b425"},{"reference_url":"https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/
UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-13T13:15:33Z/"}],"url":"https://lists.apache.org/thread/k2od03bxnxs6vcp80sr03ywcxl194413"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/05/12/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/05/12/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27696","reference_id":"CVE-2025-27696","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27696"},{"reference_url":"https://github.com/advisories/GHSA-w6c7-j32f-rq8j","reference_id":"GHSA-w6c7-j32f-rq8j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6c7-j32f-rq8j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74210?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf
"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2025-27696","GHSA-w6c7-j32f-rq8j"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzqd-gxbh-4kh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50312?format=json","vulnerability_id":"VCID-cm8z-243v-63h6","summary":"Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine\nApache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL functions within SQL Lab and charts. While this feature included restrictions for engines like PostgreSQL, a vulnerability was reported where the default list for the ClickHouse engine was incomplete.\n\nThis issue affects Apache Superset: before 4.1.2.\n\nUsers are recommended to upgrade to version 4.1.2, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23969","reference_id":"","reference_type":"","scores":[{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21402","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21509","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21522","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21412","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00069","scoring_system":"epss","scoring_elements":"0.21461","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23969"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:03:24Z/"}],"url":"https://lists.apache.org/thread/2q22sp4oj3krcgdkxchhtht0vgwp2wnd"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwal
l.com/lists/oss-security/2026/02/24/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23969","reference_id":"CVE-2026-23969","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23969"},{"reference_url":"https://github.com/advisories/GHSA-48m2-v2r8-h23m","reference_id":"GHSA-48m2-v2r8-h23m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-48m2-v2r8-h23m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74210?format=json","purl":"pkg:pypi/apache-superset@4.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.2"}],"aliases":["CVE-2026-23969","GHSA-48m2-v2r8-h23m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cm8z-243v-63h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46481?format=json","vulnerability_id":"VCID-djz3-8mxm-8bgn","summary":"Incorrect Authorization\nImproper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. 
Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result in tampering with the authentication/authorization data.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40610","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54355","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54322","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54344","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54346","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40610"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Trac
k","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:59:25Z/"}],"url":"https://lists.apache.org/thread/jvgxpk4dbxyqtsgtl4pdgbd520rc0rot"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/27/2","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:59:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/27/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40610","reference_id":"CVE-2023-40610","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40610"},{"reference_url":"https://github.com/advisories/GHSA-392c-vjfv-h7wr","reference_id":"GHSA-392c-vjfv-h7wr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-392c-vjfv-h7wr"},{"reference_url":"https://github.com/advisories/GHSA-f678-j579-4xf5","reference_id":"GHSA-f678-j579-4xf5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f678-j579-4xf5"},{"reference_url":"https://github.com/orange
certcc/security-research/security/advisories/GHSA-f678-j579-4xf5","reference_id":"GHSA-f678-j579-4xf5","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T13:59:25Z/"}],"url":"https://github.com/orangecertcc/security-research/security/advisories/GHSA-f678-j579-4xf5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67865?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-57hs-r8v7-jfhb"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-a6k1-hw62-93hd"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCI
D-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"},{"vulnerability":"VCID-zarx-zjca-wuag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"}],"aliases":["CVE-2023-40610","GHSA-392c-vjfv-h7wr","GHSA-f678-j579-4xf5","GMS-2023-5275"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-djz3-8mxm-8bgn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56317?format=json","vulnerability_id":"VCID-fnqj-j4xk-xbdv","summary":"Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled\nImproper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API.\n\nThis issue affects Apache Superset: from 2.0.0 before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53949","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56634","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56632","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56614","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56628","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.5664","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53949"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/7650c47e72f28559e91524f5d68d50c2060df4c7","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/7650c47e72f28559e91524f5d68d50c2060df4c7"},{"reference_url":"https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U
/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-12-09T15:01:51Z/"}],"url":"https://lists.apache.org/thread/d3scbwmfpzbpm6npnzdw5y4owtqqyq8d"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/09/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/09/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53949","reference_id":"CVE-2024-53949","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53949"},{"reference_url":"https://github.com/advisories/GHSA-35fc-9hrj-3585","reference_id":"GHSA-35fc-9hrj-3585","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-35fc-9hrj-3585"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83473?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCI
D-cm8z-243v-63h6"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53949","GHSA-35fc-9hrj-3585"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fnqj-j4xk-xbdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50336?format=json","vulnerability_id":"VCID-ftpt-n6j5-8uf2","summary":"Apache Superset Improper Authorization allows low-privileged users to bypass access controls\nAn Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When creating a dataset, Superset enforces permission checks to prevent users from querying unauthorized data. 
However, an authenticated attacker with permissions to write datasets and read charts can bypass these checks by overwriting the SQL query of an existing dataset.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23982","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.1342","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13337","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13305","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13385","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13426","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23982"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:44:20Z/"}],"url":"https://lists.apache.org/thread/9lvbzwkw4rxgdvbpfvnnnfcll92v75fp"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/6","r
eference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23982","reference_id":"CVE-2026-23982","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23982"},{"reference_url":"https://github.com/advisories/GHSA-3m2g-v7jf-7fxc","reference_id":"GHSA-3m2g-v7jf-7fxc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3m2g-v7jf-7fxc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74227?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23982","GHSA-3m2g-v7jf-7fxc"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftpt-n6j5-8uf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55099?format=json","vulnerability_id":"VCID-fu1t-pdeb-t7er","summary":"Apache Superset uncontrolled resource consumption\n## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of CVE-2023-46104. 
This link is maintained to preserve external references.\n\n## Original Description\nWith correct CVE version ranges for affected Apache Superset.\n \nUncontrolled resource consumption can be triggered by an authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets.  \nThis vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23952","reference_id":"","reference_type":"","scores":[{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.8064","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80654","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80634","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80638","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0138","scoring_system":"epss","scoring_elements":"0.80641","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-23952"},{"reference_url":"https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Trac
k","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/14/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T19:21:25Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23952","reference_id":"CVE-2024-23952","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-23952"},{"reference_url":"https://github.com/advisories/GHSA-v7q3-5rqm-x7m9","reference_id":"GHSA-v7q3-5rqm-x7m9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v7q3-5rqm-x7m9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67865?format=json","purl":"pkg:pypi/apache-superset@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-57hs-r8v7-jfhb"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-a6k1-hw62-93hd"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID
-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"},{"vulnerability":"VCID-zarx-zjca-wuag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/81685?format=json","purl":"pkg:pypi/apache-superset@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-8rft-nf84-bqew"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"res
ource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.1"}],"aliases":["CVE-2024-23952","GHSA-v7q3-5rqm-x7m9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fu1t-pdeb-t7er"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57848?format=json","vulnerability_id":"VCID-fy2u-7r3d-rbbf","summary":"Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to access\nApache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an authenticated user to discover metadata about datasources they do not have permission to access. By iterating through the datasource_id in the URL, an attacker can enumerate and confirm the existence and names of protected datasources, leading to sensitive information disclosure.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55675","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.262","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26245","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2615","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26253","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26143","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55675"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:47:53Z/"}],"url":"https://lists.apache.org/thread/op681b4kbd7g84tfjf9omz0sxggbcv33"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.c
om/lists/oss-security/2025/08/14/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55675","reference_id":"CVE-2025-55675","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55675"},{"reference_url":"https://github.com/advisories/GHSA-mhpq-m962-mg92","reference_id":"GHSA-mhpq-m962-mg92","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mhpq-m962-mg92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86086?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55675","GHSA-mhpq-m962-mg92"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fy2u-7r3d-rbbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47155?format=json","vulnerability_id":"VCID-gymy-1e3d-h3em","summary":"Apache Superset: Improper error handling on alerts\nAn authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. 
This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27315","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32137","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32036","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32069","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32106","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.3206","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27315"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring
_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-27T16:03:10Z/"}],"url":"https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27315","reference_id":"CVE-2024-27315","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27315"},{"reference_url":"https://github.com/advisories/GHSA-h7r6-8qmm-hj5r","reference_id":"GHSA-h7r6-8qmm-hj5r","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h7r6-8qmm-hj5r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69184?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerab
ility":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69185?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-27315","GHSA-h7r6-8qmm-hj5r"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gymy-1e3d-h3em"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50340?format=json","vulnerability_id":"VCID-hpgv-z5gk-tkhs","summary":"Apache Superset allows authenticated users to view sensitive data without explicit permissions\nA Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. 
The Tag endpoint (disabled by default) allows users to retrieve a list of objects associated with a specific tag.\nWhen these associated objects include Users, the API response improperly serializes and returns sensitive fields, including password hashes (pbkdf2), email addresses, and login statistics. This vulnerability allows authenticated users with low privileges (e.g., Gamma role) to view sensitive authentication data.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue, or to make sure TAGGING_SYSTEM is False (the current Apache Superset default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23983","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17558","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17451","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17434","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17514","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17552","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23983"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LO
W","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:46:54Z/"}],"url":"https://lists.apache.org/thread/62mgbc5hc8026skp69kb6vqozj3pr5ww"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/7","reference_id":"","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23983","reference_id":"CVE-2026-23983","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23983"},{"reference_url":"https://github.com/advisories/GHSA-h294-8fxm-m2pj","reference_id":"GHSA-h294-8fxm-m2pj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h294-8fxm-m2pj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74227?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23983","GHSA-h294-8fxm-m2pj"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpgv-z5gk-tkhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55523?format=json","vulnerability_id":"VCID-q3qz-uq7w-j3gy","summary":"Apache Superset vulnerable to improper SQL authorization\nAn SQL Injection 
vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. To mitigate this, a new configuration key named DISALLOWED_SQL_FUNCTIONS has been introduced. This key disallows the use of the following PostgreSQL functions: version, query_to_xml, inet_server_addr, and inet_client_addr. Additional functions can be added to this list for increased protection.\n\nThis issue affects Apache Superset: before 4.0.2.\n\nUsers are recommended to upgrade to version 4.0.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39887","reference_id":"","reference_type":"","scores":[{"value":"0.60251","scoring_system":"epss","scoring_elements":"0.98309","published_at":"2026-06-05T12:55:00Z"},{"value":"0.61396","scoring_system":"epss","scoring_elements":"0.98348","published_at":"2026-06-09T12:55:00Z"},{"value":"0.61396","scoring_system":"epss","scoring_elements":"0.98349","published_at":"2026-06-07T12:55:00Z"},{"value":"0.61396","scoring_system":"epss","scoring_elements":"0.9835","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39887"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1
/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/56f0103b5771d477dd106272abbd8021c9ea7506"},{"reference_url":"https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/"}],"url":"https://lists.apache.org/thread/j55vm41jg3l0x6w49zrmvbf3k0ts5fqz"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/16/5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T17:48:36Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/16/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39887","reference_id":"CVE-2024-39887","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_sy
stem":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39887"},{"reference_url":"https://github.com/advisories/GHSA-2q6j-vpvr-6pvj","reference_id":"GHSA-2q6j-vpvr-6pvj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2q6j-vpvr-6pvj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82190?format=json","purl":"pkg:pypi/apache-superset@4.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.0.2"}],"aliases":["CVE-2024-39887","GHSA-2q6j-vpvr-6pvj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q3qz-uq7w-j3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56318?format=json","vulnerability_id":"VCID-qjuf-y3k1-yffm","summary":"Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions\nImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. 
This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema.\n\nThis issue affects Apache Superset: <4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the issue, or to add these Postgres functions to the DISALLOWED_SQL_FUNCTIONS config set.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53947","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61043","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.6104","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61021","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61039","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.61051","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53947"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_sys
tem":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/0e0028260fc8a2099250701524a489f3c9aa146f"},{"reference_url":"https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-09T15:05:04Z/"}],"url":"https://lists.apache.org/thread/hj3gfsjh67vqw12nlrshlsym4bkopjmn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53947","reference_id":"CVE-2024-53947","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-53947"},{"reference_url":"https://github.com/advisories/GHSA-92qf-8gh3-gwcm","reference_id":"GHSA-92qf-8gh3-gwcm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92qf-8gh3-gwcm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83473?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"
},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-53947","GHSA-92qf-8gh3-gwcm"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qjuf-y3k1-yffm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47147?format=json","vulnerability_id":"VCID-r5d4-t9k4-27hm","summary":"Apache Superset: Improper Neutralization of custom SQL on embedded context\nA guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24772","reference_id":"","reference_type":"","scores":[{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.69184","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.69165","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.69189","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00575","scoring_system":"epss","scoring_elements":"0.6918","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24772"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apa
che.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T17:55:04Z/"}],"url":"https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/5","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24772","reference_id":"CVE-2024-24772","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24772"},{"reference_url":"https://github.com/advisories/GHSA-m6jm-3v38-76j4","reference_id":"GHSA-m6jm-3v38-76j4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6jm-3v38-76j4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69184?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-x
bdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69185?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24772","GHSA-m6jm-3v38-76j4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r5d4-t9k4-27hm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50343?format=json","vulnerability_id":"VCID-t415-wgxb-5kbt","summary":"Apache Superset allows privileged users to conduct error-based SQL Injection\nImproper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache 
Superset allows an authenticated user with read access to conduct error-based SQL injection via the sqlExpression or where parameters.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23980","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12666","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12785","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12781","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12697","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12748","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23980"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:05:27Z/"}],"url":"https://lists.apache.org/thread/h4l02zw1pr2vywv0dc5zjn3grdcdhwf4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/5","reference_id":"","re
ference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23980","reference_id":"CVE-2026-23980","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23980"},{"reference_url":"https://github.com/advisories/GHSA-gvxg-9hqx-f4rg","reference_id":"GHSA-gvxg-9hqx-f4rg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gvxg-9hqx-f4rg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74227?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23980","GHSA-gvxg-9hqx-f4rg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t415-wgxb-5kbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57856?format=json","vulnerability_id":"VCID-tn5d-naa3-uuba","summary":"Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerability\nA stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions to edit charts can inject a malicious payload into a column's label. 
The payload is not properly sanitized and gets executed in the victim's browser when they hover over the chart, potentially leading to session hijacking or the execution of arbitrary commands on behalf of the user.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55672","reference_id":"","reference_type":"","scores":[{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23811","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23716","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23826","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23711","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0008","scoring_system":"epss","scoring_elements":"0.23765","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55672"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:52:16Z/"}],"url":"https://lists.apache.org/thread/rvh7fdjfzxzjhcfwoz7twc2brhvochdj"},{"reference_url":"htt
p://www.openwall.com/lists/oss-security/2025/08/14/4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55672","reference_id":"CVE-2025-55672","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55672"},{"reference_url":"https://github.com/advisories/GHSA-fj97-2v9x-w5m4","reference_id":"GHSA-fj97-2v9x-w5m4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fj97-2v9x-w5m4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86086?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55672","GHSA-fj97-2v9x-w5m4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tn5d-naa3-uuba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47153?format=json","vulnerability_id":"VCID-tphc-bczq-73e6","summary":"Apache Superset: Improper authorization validation on dashboards and charts import\nA low privilege authenticated user could import an existing dashboard or chart that they do not have access 
to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26016","reference_id":"","reference_type":"","scores":[{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48369","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48417","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48413","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48381","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00249","scoring_system":"epss","scoring_elements":"0.48398","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26016"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/"}],"url":"https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s"},{"
reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/7","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T18:55:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26016","reference_id":"CVE-2024-26016","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26016"},{"reference_url":"https://github.com/advisories/GHSA-3v9r-885j-762g","reference_id":"GHSA-3v9r-885j-762g","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3v9r-885j-762g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69184?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g
8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69185?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-26016","GHSA-3v9r-885j-762g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tphc-bczq-73e6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46706?format=json","vulnerability_id":"VCID-tuy6-zf18-fbaz","summary":"Apache Superset SQL injection vulnerability\nA where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in Apache Superset. This issue affects Apache Superset: before 2.1.3, from 3.0.0 before 3.0.2.\n\nUsers are recommended to upgrade to version 2.1.3 or 3.0.2, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49736","reference_id":"","reference_type":"","scores":[{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66167","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66179","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66195","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66185","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00496","scoring_system":"epss","scoring_elements":"0.66186","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49736"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/1d403dab9822a8cee6108669c53e53fad881c751"},{"reference_url":"https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/commit/34101594e284ab3acce692f41aff7759ccb4bf1d"},{"reference_url":"https://github.com/apac
he/superset/pull/25779","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset/pull/25779"},{"reference_url":"https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/1kf481bgs3451qcz6hfhobs7xvhp8n1p"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/19/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/19/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49736","reference_id":"CVE-2023-49736","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49736"},{"reference_url":"https://github.com/advisories/GHSA-jfxj-xf67-x723","reference_id":"GHSA-jfxj-xf67-x723","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfxj-xf67-x723"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68290?format=json","purl":"pkg:pypi/apache-superset@2.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"v
ulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/68291?format=json","purl":"pkg:pypi/apache-superset@3.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-8rft-nf84-bqew"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1x
w-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.2"}],"aliases":["CVE-2023-49736","GHSA-jfxj-xf67-x723"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tuy6-zf18-fbaz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47144?format=json","vulnerability_id":"VCID-txkg-ydf2-uuc4","summary":"Apache Superset: Improper validation of SQL statements allows for unauthorized access to data\nImproper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24773","reference_id":"","reference_type":"","scores":[{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35319","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35272","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35252","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35293","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0015","scoring_system":"epss","scoring_elements":"0.35329","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24773"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github
.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/"}],"url":"https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/4","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-15T20:46:05Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24773","reference_id":"CVE-2024-24773","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24773"},{"reference_url":"https://github.com/advisories/GHSA-5474-f7g5-273q","reference_id":"GHSA-5474-f7g5-273q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5474-f7g5-273q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69184?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability"
:"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69185?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24773","GHSA-5474-f7g5-273q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txkg-ydf2-uuc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50351?format=json","vulnerability_id":"VCID-v1xw-5b4s-cqhx","summary":"Apache 
Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL Connections\nAn Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the read-only verification check when using a PostgreSQL database connection.\nWhile the system effectively blocks standard Data Manipulation Language (DML) statements (e.g., INSERT, UPDATE, DELETE) on read-only connections, it fails to detect them in specially crafted SQL statements.\n\nThis issue affects Apache Superset: before 6.0.0.\n\nUsers are recommended to upgrade to version 6.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23984","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12742","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12867","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12862","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12772","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12828","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-23984"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"valu
e":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:51:19Z/"}],"url":"https://lists.apache.org/thread/72cmgxtvp9pclto4ln1chbs1227nwd26"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/24/8","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/24/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23984","reference_id":"CVE-2026-23984","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23984"},{"reference_url":"https://github.com/advisories/GHSA-mwf2-qr4v-94h2","reference_id":"GHSA-mwf2-qr4v-94h2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mwf2-qr4v-94h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74227?format=json","purl":"pkg:pypi/apache-superset@6.0.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@6.0.0"}],"aliases":["CVE-2026-23984","GHSA-mwf2-qr4v-94h2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1xw-5b4s-cqhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47154?format=json","vulnerability_id":"VCID-wffj-kw7t-k7g3","summary":"Apache Superset: Improper data authorization when creating a new 
dataset\nApache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24779","reference_id":"","reference_type":"","scores":[{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32469","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32391","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32369","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32398","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00133","scoring_system":"epss","scoring_elements":"0.32437","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24779"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"
ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/"}],"url":"https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/28/6","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-28T20:17:04Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/02/28/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24779","reference_id":"CVE-2024-24779","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24779"},{"reference_url":"https://github.com/advisories/GHSA-wr6g-9wcr-cmqj","reference_id":"GHSA-wr6g-9wcr-cmqj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wr6g-9wcr-cmqj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/69184?format=json","purl":"pkg:pypi/apache-superset@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vuln
erability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69185?format=json","purl":"pkg:pypi/apache-superset@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.1.1"}],"aliases":["CVE-2024-24779","GHSA-wr6g-9wcr-cmqj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wffj-kw7t-k7g3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45975?format=json","vulnerability_id":"VCID-wy7s-yvj8-vufz","summary":"Deserialization of Untrusted Data\nIf an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. 
This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0.","references":[{"reference_url":"http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T18:55:32Z/"}],"url":"http://packetstormsecurity.com/files/175094/Apache-Superset-2.0.0-Remote-Code-Execution.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37941","reference_id":"","reference_type":"","scores":[{"value":"0.84244","scoring_system":"epss","scoring_elements":"0.99331","published_at":"2026-06-09T12:55:00Z"},{"value":"0.84244","scoring_system":"epss","scoring_elements":"0.99329","published_at":"2026-06-05T12:55:00Z"},{"value":"0.84244","scoring_system":"epss","scoring_elements":"0.9933","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37941"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T18:55:32Z/"}],"url":"https://lists.apache.org/thre
ad/6qk1zscc06yogxxfgz2bh2bvz6vh9g7h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37941","reference_id":"CVE-2023-37941","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37941"},{"reference_url":"https://github.com/advisories/GHSA-fj4x-m62j-wvwg","reference_id":"GHSA-fj4x-m62j-wvwg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fj4x-m62j-wvwg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/66803?format=json","purl":"pkg:pypi/apache-superset@2.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-57hs-r8v7-jfhb"},{"vulnerability":"VCID-5s4g-pb63-3ucg"},{"vulnerability":"VCID-6s5d-gpyj-5ycf"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-8rft-nf84-bqew"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerability":"VCID-a6k1-hw62-93hd"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-djz3-8mxm-8bgn"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fu1t-pdeb-t7er"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerabili
ty":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"},{"vulnerability":"VCID-zarx-zjca-wuag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1"}],"aliases":["CVE-2023-37941","GHSA-fj4x-m62j-wvwg"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wy7s-yvj8-vufz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56346?format=json","vulnerability_id":"VCID-x5yk-adk3-b7g8","summary":"Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access\nImproper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable.\n\nThis issue affects Apache Superset: before 4.1.0.\n\nUsers are recommended to upgrade to version 4.1.0, which fixes the 
issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55633","reference_id":"","reference_type":"","scores":[{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77833","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.77838","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.7782","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.7783","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01043","scoring_system":"epss","scoring_elements":"0.7784","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-55633"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-12T15:27:53Z/"}],"url":"https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/12/12/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scorin
g_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/12/12/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55633","reference_id":"CVE-2024-55633","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-55633"},{"reference_url":"https://github.com/advisories/GHSA-787v-v9vq-4rgv","reference_id":"GHSA-787v-v9vq-4rgv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-787v-v9vq-4rgv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/83473?format=json","purl":"pkg:pypi/apache-superset@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@4.1.0"}],"aliases":["CVE-2024-55633","GHSA-787v-v9vq-4rgv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.i
o/vulnerabilities/VCID-x5yk-adk3-b7g8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57858?format=json","vulnerability_id":"VCID-ys7s-ahtc-c3hg","summary":"Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functions\nA bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker can use a special inline block to circumvent the denylist. This allows a user with SQL Lab access to execute functions that were intended to be disabled, leading to the disclosure of sensitive database information like the software version.\n\nThis issue affects Apache Superset: before 5.0.0.\n\nUsers are recommended to upgrade to version 5.0.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55674","reference_id":"","reference_type":"","scores":[{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33817","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33851","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33809","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33835","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0014","scoring_system":"epss","scoring_elements":"0.33784","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55674"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo","reference_id":"","referen
ce_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:49:40Z/"}],"url":"https://lists.apache.org/thread/cn49ps15ny3g2b1qzdg5mj7hp47p5jdo"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/08/14/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/08/14/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55674","reference_id":"CVE-2025-55674","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55674"},{"reference_url":"https://github.com/advisories/GHSA-fxgf-3xh6-m2pp","reference_id":"GHSA-fxgf-3xh6-m2pp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fxgf-3xh6-m2pp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86086?format=json","purl":"pkg:pypi/apache-superset@5.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@5.0.0"}],"aliases":["CVE-2025-55674","GHSA-fxgf-3xh6-m2pp"],"risk_score":3.1,"exploitability":
"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ys7s-ahtc-c3hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46496?format=json","vulnerability_id":"VCID-zarx-zjca-wuag","summary":"Allocation of Resources Without Limits or Throttling\nAn authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.\n\nThis issue affects Apache Superset: before 3.0.0","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42504","reference_id":"","reference_type":"","scores":[{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.5016","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50153","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00264","scoring_system":"epss","scoring_elements":"0.50169","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52686","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0029","scoring_system":"epss","scoring_elements":"0.52709","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42504"},{"reference_url":"https://github.com/apache/superset","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/superset"},{"reference_url":"https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"gene
ric_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/"}],"url":"https://lists.apache.org/thread/yzq5gk1y9lyw6nxwd3xdkxg1djqw1h6l"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/28/6","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-20T18:13:10Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/28/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42504","reference_id":"CVE-2023-42504","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42504"},{"reference_url":"https://github.com/advisories/GHSA-3hp7-4qq4-v5c6","reference_id":"GHSA-3hp7-4qq4-v5c6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3hp7-4qq4-v5c6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67928?format=json","purl":"pkg:pypi/apache-superset@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gr1-bbms-4qcv"},{"vulnerability":"VCID-35st-tkb8-hkfu"},{"vulnerability":"VCID-4dwf-75bu-pkas"},{"vulnerability":"VCID-4pqk-ftt6-dqd8"},{"vulnerability":"VCID-8mj1-r3na-zbdx"},{"vulnerability":"VCID-8rft-nf84-bqew"},{"vulnerability":"VCID-9dnd-981v-nyg1"},{"vulnerability":"VCID-9sjc-bhv6-33dk"},{"vulnerabili
ty":"VCID-bzqd-gxbh-4kh5"},{"vulnerability":"VCID-cm8z-243v-63h6"},{"vulnerability":"VCID-fnqj-j4xk-xbdv"},{"vulnerability":"VCID-ftpt-n6j5-8uf2"},{"vulnerability":"VCID-fu1t-pdeb-t7er"},{"vulnerability":"VCID-fy2u-7r3d-rbbf"},{"vulnerability":"VCID-gymy-1e3d-h3em"},{"vulnerability":"VCID-hpgv-z5gk-tkhs"},{"vulnerability":"VCID-q3qz-uq7w-j3gy"},{"vulnerability":"VCID-qjuf-y3k1-yffm"},{"vulnerability":"VCID-r5d4-t9k4-27hm"},{"vulnerability":"VCID-t415-wgxb-5kbt"},{"vulnerability":"VCID-tn5d-naa3-uuba"},{"vulnerability":"VCID-tphc-bczq-73e6"},{"vulnerability":"VCID-tuy6-zf18-fbaz"},{"vulnerability":"VCID-txkg-ydf2-uuc4"},{"vulnerability":"VCID-v1xw-5b4s-cqhx"},{"vulnerability":"VCID-wffj-kw7t-k7g3"},{"vulnerability":"VCID-x5yk-adk3-b7g8"},{"vulnerability":"VCID-ys7s-ahtc-c3hg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@3.0.0"}],"aliases":["CVE-2023-42504","GHSA-3hp7-4qq4-v5c6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zarx-zjca-wuag"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-superset@2.1.1rc3"}