Every CVE whose affected-product data names Apache Superset, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (68)
CVE-2022-27479 — CVSS 9.8 (critical): Apache Superset before 1.4.2 is vulnerable to SQL injection in chart data requests. Users should update to 1.4.2 or higher which addresses…
CVE-2018-8021 — CVSS 9.8 (critical): Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code…
CVE-2024-53947 — CVSS 9.8 (critical): Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically…
CVE-2023-49657 — CVSS 9.6 (critical): A stored cross-site scripting (XSS) vulnerability exists in Apache Superset before 3.0.3. An authenticated attacker with create/update…
CVE-2020-13948 — CVSS 8.8 (high): While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of…
CVE-2022-43719 — CVSS 8.8 (high): Two legacy REST API endpoints for approval and request access are vulnerable to cross site request forgery. This issue affects Apache…
CVE-2021-41971 — CVSS 8.8 (high): Apache Superset up to and including 1.3.0 when configured with ENABLE_TEMPLATE_PROCESSING on (disabled by default) allowed SQL injection…
CVE-2025-27696 — CVSS 8.8 (high): Incorrect Authorization vulnerability in Apache Superset allows ownership takeover of dashboards, charts or datasets by authenticated users…
CVE-2020-13952 — CVSS 8.1 (high): In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto…
CVE-2023-49734 — CVSS 7.7 (high): An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the…
CVE-2024-34693 — CVSS 6.8 (medium): Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with…
CVE-2023-37941 — CVSS 6.6 (medium): If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that…
CVE-2021-44451 — CVSS 6.5 (medium): Apache Superset up to and including 1.3.2 allowed for registered database connections password leak for authenticated users. This…
CVE-2021-42250 — CVSS 6.5 (medium): Improper output neutralization for Logs. A specific Apache Superset HTTP endpoint allowed for an authenticated user to forge log entries or…
CVE-2025-55674 — CVSS 6.5 (medium): A bypass of the DISALLOWED_SQL_FUNCTIONS security feature in Apache Superset allows for the execution of blocked SQL functions. An attacker…
CVE-2025-48912 — CVSS 6.5 (medium): An authenticated malicious actor using specially crafted requests could bypass row level security configuration by injecting SQL into…
CVE-2021-41972 — CVSS 6.5 (medium): Apache Superset up to and including 1.3.1 allowed for database connections password leak for authenticated users. This information could be…
CVE-2025-55675 — CVSS 6.5 (medium): Apache Superset contains an improper access control vulnerability in its /explore endpoint. A missing authorization check allows an…
CVE-2024-55633 — CVSS 6.5 (medium): Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a…
CVE-2024-53949 — CVSS 6.5 (medium): Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower…
CVE-2026-23969 — CVSS 6.5 (medium): Apache Superset utilizes a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to restrict the execution of potentially sensitive SQL…
CVE-2026-23980 — CVSS 6.5 (medium): Improper Neutralization of Special Elements used in a SQL Command ('SQL Injection') vulnerability in Apache Superset allows an…
CVE-2024-23952 — CVSS 6.5 (medium): This is a duplicate for CVE-2023-46104. With correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can…
CVE-2026-23982 — CVSS 6.5 (medium): An Improper Authorization vulnerability exists in Apache Superset that allows a low-privileged user to bypass data access controls. When…
CVE-2023-49736 — CVSS 6.5 (medium): A where_in JINJA macro allows users to specify a quote, which combined with a carefully crafted statement would allow for SQL injection in…
CVE-2020-1932 — CVSS 6.5 (medium): An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are…
CVE-2026-23983 — CVSS 6.5 (medium): A Sensitive Data Exposure vulnerability exists in Apache Superset allowing authenticated users to retrieve sensitive user information. The…
CVE-2023-46104 — CVSS 6.5 (medium): Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or…
CVE-2026-23984 — CVSS 6.5 (medium): An Improper Input Validation vulnerability exists in Apache Superset that allows an authenticated user with SQLLab access to bypass the…
CVE-2023-40610 — CVSS 6.3 (medium): Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples…
CVE-2021-28125 — CVSS 6.1 (medium): Apache Superset up to and including 1.0.1 allowed for the creation of an external URL that could be malicious. By not checking user input…
CVE-2023-42504 — CVSS 5.8 (medium): An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a…
CVE-2022-43720 — CVSS 5.4 (medium): An authenticated attacker with write CSS template permissions can create a record with specific HTML tags that will not get properly…
CVE-2022-43718 — CVSS 5.4 (medium): Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users…
CVE-2022-43717 — CVSS 5.4 (medium): Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be…
CVE-2025-55672 — CVSS 5.4 (medium): A stored Cross-Site Scripting (XSS) vulnerability exists in Apache Superset's chart visualization. An authenticated user with permissions…
CVE-2023-36387 — CVSS 5.4 (medium): An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user…
CVE-2022-43721 — CVSS 5.4 (medium): An authenticated attacker with update datasets permission could change a dataset link to an untrusted site, users could be redirected to…
CVE-2022-41703 — CVSS 5.4 (medium): A vulnerability in the SQL Alchemy connector of Apache Superset allows an authenticated user with read access to a specific database to add…
CVE-2021-32609 — CVSS 5.4 (medium): Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access…
CVE-2021-27907 — CVSS 5.4 (medium): Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related…
CVE-2019-12413 — CVSS 5.3 (medium): In Apache Incubator Superset before 0.31 user could query database metadata information from a database he has no access to, by using a…
CVE-2019-12414 — CVSS 5.3 (medium): In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab
CVE-2022-45438 — CVSS 5.3 (medium): When explicitly enabling the feature flag DASHBOARD_CACHE (disabled by default), the system allowed for an unauthenticated user to access…
CVE-2024-53948 — CVSS 5.3 (medium): Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0…
CVE-2023-27523 — CVSS 5.0 (medium): Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user…
CVE-2024-24779 — CVSS 5.0 (medium): Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create…
CVE-2024-24773 — CVSS 4.9 (medium): Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue…
CVE-2023-30776 — CVSS 4.9 (medium): An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API…
CVE-2023-25504 — CVSS 4.9 (medium): A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in…
CVE-2023-42502 — CVSS 4.8 (medium): An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host…
CVE-2024-27315 — CVSS 4.3 (medium): An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement…
CVE-2023-39264 — CVSS 4.3 (medium): By default, stack traces for errors were enabled, which resulted in the exposure of internal traces on REST API endpoints to users. This…
CVE-2023-42501 — CVSS 4.3 (medium): Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This…
CVE-2023-42505 — CVSS 4.3 (medium): An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the…
CVE-2023-43701 — CVSS 4.3 (medium): Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store…
CVE-2023-32672 — CVSS 4.3 (medium): An Incorrect authorisation check in SQLLab in Apache Superset versions up to and including 2.1.0. This vulnerability allows an…
CVE-2023-27526 — CVSS 4.3 (medium): A non Admin authenticated user could incorrectly create resources using the import charts feature, on Apache Superset up to and including…
CVE-2024-24772 — CVSS 4.3 (medium): A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying…
CVE-2024-26016 — CVSS 4.3 (medium): A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its…
CVE-2023-36388 — CVSS 4.3 (medium): Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network…
CVE-2024-28148 — CVSS 4.3 (medium): An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API…
CVE-2024-39887 — CVSS 4.3 (medium): An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elements used in SQL commands…
CVE-2025-55673 — CVSS 4.3 (medium): When a guest user accesses a chart in Apache Superset, the API response from the /chart/data endpoint includes a query field in its…
CVE-2021-37839 — CVSS 4.3 (medium): Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on…
CVE-2023-39265 — CVSS 3.8 (low): Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names…
CVE-2023-27525 — CVSS 3.1 (low): An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset…