Latest version: v0.30.1
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2023-27526 | 62905 |
A non Admin authenticated user could incorrectly create resources usi… |
|
MEDIUM | 4.3 |
| CVE-2023-27523 | 62899 |
Improper data authorization check on Jinja templated queries in Apach… |
|
MEDIUM | 4.3 |
| CVE-2023-27524 | 62901 |
Session Validation attacks in Apache Superset versions up to and incl… |
|
CRITICAL | 9.8 |
| CVE-2023-27525 | 62903 |
An authenticated user with Gamma role authorization could have access… |
|
MEDIUM | 4.3 |
| CVE-2023-25504 | 62897 |
A malicious actor who has been authenticated and granted specific per… |
|
MEDIUM | 6.5 |
| CVE-2023-30776 | 64174 |
An authenticated user with specific data permissions could access dat… |
|
MEDIUM | 6.5 |
| PVE-2021-37485 | 37485 |
Superset 0.33.0rc1a adds Flask-Talisman. https://github.com/apache/s… |
|
- | - |
| PVE-2021-26584 | 26584 |
Superset 0.32.0rc2.dev2a includes new, deprecate merge_perm. Also, th… |
|
- | - |
| PVE-2021-37488 | 37488 |
Superset 0.29.0rc8a secures unsecured views and prevent regressions (… |
|
- | - |
| CVE-2017-18214 | 45806 |
Superset 0.23.0a updates its NPM dependency 'moment' to v2.20.1 to in… |
|
HIGH | 7.5 |
| CVE-2017-1001003 | 45805 |
Superset 0.23.0a updates its NPM dependency 'mathjs' to v3.20.2 to in… |
|
CRITICAL | 9.8 |
| CVE-2017-18342 | 45807 |
Superset 0.23.0a fixes a code execution vulnerability because of usin… |
|
CRITICAL | 9.8 |
| CVE-2017-1001002 | 36204 |
Superset 0.23.0a updates its NPM dependency 'mathjs' to v3.20.2 to in… |
|
CRITICAL | 9.8 |
| PVE-2021-36204 | 45804 |
Superset 0.23.0a adds all derived FAB UserModelView views to admin on… |
|
- | - |
| PVE-2022-45808 | 45808 |
Superset 0.23.0a adds XFO header by default to prevent clickjacking a… |
|
- | - |
| PVE-2022-45809 | 45809 |
Superset 0.23.0a fixes XSS vulnerabilities via the markdown library a… |
|
HIDDEN | X.Y |
| PVE-2021-37487 | 37487 |
Superset 0.19.1 prevents XSS in markup viz. https://github.com/apach… |
|
HIDDEN | X.Y |
| PVE-2021-37486 | 37486 |
Superset 0.14.0a improves jinja2 security by using SandboxedEnvironme… |
|
- | - |
| PVE-2021-26147 | 26147 |
Superset 0.11.0 prevents XSS on FAB list views. https://github.com/a… |
|
HIDDEN | X.Y |
| CVE-2018-8021 | 54031 |
Versions of Superset prior to 0.23 used an unsafe load method from th… |
|
CRITICAL | 9.8 |
| CVE-2021-28125 | 54264 |
Apache Superset prior to 1.1.0 allowed for the creation of an externa… |
|
MEDIUM | 6.1 |