Superset

Latest version: v0.30.1

Vulnerabilities (21)

| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2023-27526 | 62905 | A non Admin authenticated user could incorrectly create resources usi… | <=2.1.0 | MEDIUM | 4.3 |
| CVE-2023-27523 | 62899 | Improper data authorization check on Jinja templated queries in Apach… | <=2.1.0 | MEDIUM | 4.3 |
| CVE-2023-27525 | 62903 | An authenticated user with Gamma role authorization could have access… | <=2.0.1 | MEDIUM | 4.3 |
| CVE-2023-27524 | 62901 | Session Validation attacks in Apache Superset versions up to and incl… | <=2.0.1 | CRITICAL | 9.8 |
| CVE-2023-25504 | 62897 | A malicious actor who has been authenticated and granted specific per… | <=2.0.1 | MEDIUM | 6.5 |
| CVE-2023-30776 | 64174 | An authenticated user with specific data permissions could access dat… | >=1.3.0,<=2.0.1 | MEDIUM | 6.5 |
| PVE-2021-37485 | 37485 | Superset 0.33.0rc1a adds Flask-Talisman. https://github.com/apache/s… | <0.33.0rc1a | - | - |
| PVE-2021-26584 | 26584 | Superset 0.32.0rc2.dev2a includes new, deprecate merge_perm. Also, th… | <0.32.0rc2.dev2a | - | - |
| PVE-2021-37488 | 37488 | Superset 0.29.0rc8a secures unsecured views and prevent regressions (… | <0.29.0rc8a | - | - |
| CVE-2017-1001002 | 36204 | Superset 0.23.0a updates its NPM dependency 'mathjs' to v3.20.2 to in… | <0.23.0a | CRITICAL | 9.8 |
| CVE-2017-1001003 | 45805 | Superset 0.23.0a updates its NPM dependency 'mathjs' to v3.20.2 to in… | <0.23.0a | CRITICAL | 9.8 |
| CVE-2017-18342 | 45807 | Superset 0.23.0a fixes a code execution vulnerability because of usin… | <0.23.0a | CRITICAL | 9.8 |
| CVE-2017-18214 | 45806 | Superset 0.23.0a updates its NPM dependency 'moment' to v2.20.1 to in… | <0.23.0a | HIGH | 7.5 |
| PVE-2021-36204 | 45804 | Superset 0.23.0a adds all derived FAB UserModelView views to admin on… | <0.23.0a | - | - |
| PVE-2022-45808 | 45808 | Superset 0.23.0a adds XFO header by default to prevent clickjacking a… | <0.23.0a | - | - |
| PVE-2022-45809 | 45809 | Superset 0.23.0a fixes XSS vulnerabilities via the markdown library a… | <0.23.0a | HIDDEN | X.Y |
| PVE-2021-37487 | 37487 | Superset 0.19.1 prevents XSS in markup viz. https://github.com/apach… | <0.19.1 | HIDDEN | X.Y |
| PVE-2021-37486 | 37486 | Superset 0.14.0a improves jinja2 security by using SandboxedEnvironme… | <0.14.0a | - | - |
| PVE-2021-26147 | 26147 | Superset 0.11.0 prevents XSS on FAB list views. https://github.com/a… | <0.11.0 | HIDDEN | X.Y |
| CVE-2018-8021 | 54031 | Versions of Superset prior to 0.23 used an unsafe load method from th… | >=0,<0.23.0 | CRITICAL | 9.8 |
| CVE-2021-28125 | 54264 | Apache Superset prior to 1.1.0 allowed for the creation of an externa… | >=0 | MEDIUM | 6.1 |