Apache Superset
Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering

Risk 40
Severity
6.5
First published (updated )

Apache Superset
Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

Risk 40
Severity
6.5
First published (updated )

apache/superset
Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

Risk 43
Severity
7.1
First published (updated )

Apache Superset
Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

Risk 40
Severity
6.5
First published (updated )

Apache Superset
Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

Risk 43
Severity
7.1
First published (updated )
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

oss-sec
CVE-2026-23984: Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

oss-sec
CVE-2026-23983: Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

oss-sec
CVE-2026-23982: Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

oss-sec
CVE-2026-23980: Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

oss-sec
CVE-2026-23969: Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering

Apache Superset
Apache Superset: Improper authorization bypass on row level security via SQL Injection

Risk 30
Severity
7.1
EPSS
0.08%
First published (updated )

CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection

Apache Superset
Apache Superset: Incorrect authorization leading to resource ownership takeover

Risk 84
Severity
8.8
First published (updated )

CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover

pip/apache-superset
Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

Risk 43
Severity
7.1
First published (updated )

CVE-2024-55633: Apache Superset: SQLLab Improper readonly query validation allows unauthorized write access

pip/apache-superset
Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Risk 59
Severity
7.6
First published (updated )

pip/apache-superset
Apache Superset: Error verbosity exposes metadata in analytics databases

Risk 29
Severity
5.3
First published (updated )

CVE-2024-53949: Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

CVE-2024-53948: Apache Superset: Error verbosity exposes metadata in analytics databases

pip/apache-superset
Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

Risk 92
Severity
9.8
First published (updated )

pip/apache-superset
Apache Superset: Server arbitrary file read

Risk 39
Severity
6.8
First published (updated )

CVE-2024-34693: Apache Superset: Server arbitrary file read

pip/apache-superset
Apache Superset: Incorrect datasource authorization on explore REST API

Risk 24
Severity
4.3
First published (updated )

CVE-2024-28148: Apache Superset: Incorrect datasource authorization on explore REST API

pip/apache-superset
Apache Superset: Improper authorization validation on dashboards and charts import

Risk 26
Severity
5.4
EPSS
0.04%
First published (updated )

pip/apache-superset
Apache Superset: Improper data authorization when creating a new dataset

Risk 28
Severity
6.5
EPSS
0.04%
First published (updated )

Apache Superset
Apache Superset: Improper Neutralisation of custom SQL on embedded context

Risk 17
Severity
4.3
EPSS
0.04%
First published (updated )

pip/apache-superset
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data

Risk 28
Severity
6.5
EPSS
0.04%
First published (updated )

CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203