apache-superset vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-23984Highapache-superset: Apache Superset: Read-Only Bypass via Improper Input Validation on PostgreSQL ConnectionsCVE-2026-23980Mediumapache-superset: Apache Superset allows privileged users to conduct error-based SQL InjectionCVE-2026-23982Highapache-superset: Apache Superset Improper Authorization allows low-privileged users to bypass access controls CVE-2026-23969Mediumapache-superset: Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engineCVE-2026-23983Lowapache-superset: Apache Superset allows authenticated users to view sensitive data without explicit permissionsCVE-2025-55675Mediumapache-superset: Apache Superset allows authenticated users to discover metadata about datasources they don't have permission to accessCVE-2025-55672Mediumapache-superset: Apache Superset's chart visualization has a stored Cross-Site Scripting (XSS) vulnerabilityCVE-2025-55673Mediumapache-superset: Apache Superset data query improperly discloses database schema information to low-privileged guest userCVE-2025-55674Mediumapache-superset: Apache Superset has bypass of `DISALLOWED_SQL_FUNCTIONS` that allows execution of blocked SQL functionsCVE-2025-48912Highapache-superset: Apache Superset: Improper authorization bypass on row level security via SQL InjectionCVE-2025-27696Mediumapache-superset: Apache Superset Allows Ownership TakeoverCVE-2024-55633Highapache-superset: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write accessCVE-2024-53947Lowapache-superset: Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functionsCVE-2024-53949Highapache-superset: Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabledCVE-2024-53948Mediumapache-superset: Apache Superset: Error verbosity exposes metadata in analytics databasesCVE-2024-39887Mediumapache-superset: Apache Superset vulnerable to improper SQL authorizationCVE-2024-34693Mediumapache-superset: Apache Superset server arbitrary file read CVE-2024-28148Mediumapache-superset: Apache Superset Incorrect Authorization vulnerabilityCVE-2024-24779Mediumapache-superset: Apache Superset: Improper data authorization when creating a new datasetCVE-2024-26016Mediumapache-superset: Apache Superset: Improper authorization validation on dashboards and charts importCVE-2024-24773Mediumapache-superset: Apache Superset: Improper validation of SQL statements allows for unauthorized access to dataCVE-2024-24772Mediumapache-superset: Apache Superset: Improper Neutralization of custom SQL on embedded contextCVE-2024-27315Mediumapache-superset: Apache Superset: Improper error handling on alertsCVE-2023-49657Criticalapache-superset: Cross-site Scripting in Apache supersetCVE-2023-46104Mediumapache-superset: Apache Superset uncontrolled resource consumption

Stop the waste.
Protect your environment with Kodem.