📦 Superset
by Apache
⚠️ Known Vulnerabilities
This SQL injection vulnerability in Apache Superset allows attackers to bypass SQL authorization by exploiting unvalidated PostgreSQL functions. Attackers can execute arbitrary SQL commands, potential...
This stored cross-site scripting (XSS) vulnerability in Apache Superset allows authenticated attackers with create/update permissions to inject malicious scripts into charts or dashboards. When other ...
CVE-2022-27479 is a critical SQL injection vulnerability in Apache Superset that allows attackers to execute arbitrary SQL commands through chart data requests. This affects all Apache Superset instan...
This vulnerability allows authenticated users with read-only permissions in Apache Superset to take ownership of dashboards, charts, or datasets. This affects all Apache Superset deployments through v...
This vulnerability allows authenticated Gamma users in Apache Superset to gain unauthorized write permissions to charts they create on dashboards. The flaw enables privilege escalation where users can...
This vulnerability allows authenticated attackers to perform SQL injection attacks in Apache Superset when template processing is enabled. It affects Apache Superset versions up to and including 1.3.0...
Authenticated users in Apache Superset can exploit a disabled-by-default tagging feature to retrieve sensitive user data including password hashes and email addresses. This affects all Apache Superset...
This SQL injection vulnerability in Apache Superset allows authenticated users with read access to execute arbitrary SQL commands through the sqlExpression or where parameters. The vulnerability enabl...
This vulnerability allows guest users in Apache Superset to access database schema information through the /chart/data endpoint. The API response improperly includes query details that reveal table na...
This vulnerability allows attackers to bypass Apache Superset's DISALLOWED_SQL_FUNCTIONS security feature using a special inline block technique. Users with SQL Lab access can execute SQL functions th...
Apache Superset has an improper access control vulnerability where authenticated users can enumerate protected datasources they shouldn't access. By manipulating the datasource_id parameter in the /ex...
Apache Superset has an improper authorization vulnerability when FAB_ADD_SECURITY_API is enabled (disabled by default). This allows lower-privilege users to access security API endpoints they shouldn'...
This SQL injection vulnerability in Apache Superset allows attackers to bypass SQL authorization by exploiting improperly sanitized PostgreSQL functions. It affects all Apache Superset installations b...
This vulnerability allows authenticated attackers in Apache Superset to create MariaDB connections with local_infile enabled, potentially reading arbitrary files from the web server if both MariaDB se...