user  

Messages by Date

• 2026/02/24 CVE-2026-23984: Apache Superset: SQLLab Read-Only Bypass on PostgreSQL Daniel Gaspar
• 2026/02/24 CVE-2026-23983: Apache Superset: Sensitive Data Exposure via REST API (disabled by default) Daniel Gaspar
• 2026/02/24 CVE-2026-23982: Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass Daniel Gaspar
• 2026/02/24 CVE-2026-23980: Apache Superset: Improper Neutralization of Special Elements used in a SQL Command Daniel Gaspar
• 2026/02/24 CVE-2026-23969: Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering Daniel Gaspar
• 2026/02/13 Consulting request Julien Béti
• 2025/11/24 Security advisory: Insecure default ClickHouse function list Daniel Gaspar
• 2025/11/24 Insufficient Session Expiration and Secret Key Management Guidance Daniel Gaspar
• 2025/08/14 CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API Daniel Gaspar
• 2025/08/14 CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
• 2025/08/14 CVE-2025-55672: Apache Superset: Store XSS on charts metadata Daniel Gaspar
• 2025/08/14 CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts Daniel Gaspar
• 2025/07/14 Re: Include Non-metric Columns in Bar Chart Tooltip in Apache Superset Elizabeth Thompson
• 2025/06/29 graph chart with different node icons [email protected]
• 2025/06/29 New Cartodiagram Map [email protected]
• 2025/05/30 CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection Daniel Gaspar
• 2025/05/12 CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover Daniel Gaspar
• 2025/01/19 Downlod data with superset Andreas . Moroder
• 2024/07/19 Building several charts from a single invocation of a query Anton Shepelev
• 2024/07/16 CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions Daniel Gaspar
• 2024/06/20 CVE-2024-34693: Apache Superset: Server arbitrary file read Daniel Gaspar
• 2024/05/07 CVE-2024-28148: Apache Superset: Incorrect datasource authorization on explore REST API Daniel Gaspar
• 2024/04/03 Participate in the ASF 25th Anniversary Campaign Brian Proffitt
• 2024/03/27 Community Over Code NA 2024 Travel Assistance Applications now open! Gavin McDonald
• 2024/02/28 CVE-2024-25128: Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder Daniel Gaspar
• 2024/02/28 CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import Daniel Gaspar
• 2024/02/28 CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset Daniel Gaspar
• 2024/02/28 CVE-2024-24772: Apache Superset: Improper Neutralisation of custom SQL on embedded context Daniel Gaspar
• 2024/02/28 CVE-2024-24773: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Daniel Gaspar
• 2024/02/28 CVE-2024-27315: Apache Superset: Improper error handling on alerts Daniel Gaspar
• 2024/02/20 Community Over Code Asia 2024 Travel Assistance Applications now open! Gavin McDonald
• 2024/02/14 CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104) Daniel Gaspar
• 2024/02/03 Community over Code EU 2024 Travel Assistance Applications now open! Gavin McDonald
• 2024/02/03 [no subject] Gavin McDonald
• 2024/01/23 Security advisory: session logout expiration Daniel Gaspar
• 2024/01/23 CVE-2023-49657: Apache Superset: Stored XSS in Dashboard Title and Chart Title Daniel Gaspar
• 2024/01/19 Security advisory: default SECRET_KEY in Helm Chart [email protected]
• 2023/12/19 CVE-2023-49734: Apache Superset: Privilege Escalation Vulnerability Daniel Gaspar
• 2023/12/19 CVE-2023-49736: Apache Superset: SQL Injection on where_in JINJA macro Daniel Gaspar
• 2023/12/19 CVE-2023-46104: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb Daniel Gaspar
• 2023/11/28 CVE-2023-42504: Apache Superset: Lack of rate limiting allows for possible denial of service Daniel Gaspar
• 2023/11/28 CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details Daniel Gaspar
• 2023/11/28 CVE-2023-42502: Apache Superset: Open Redirect Vulnerability Daniel Gaspar
• 2023/11/27 CVE-2023-43701: Apache Superset: Stored XSS on API endpoint Daniel Gaspar
• 2023/11/27 CVE-2023-42501: Apache Superset: Unnecessary read permissions within the Gamma role Daniel Gaspar
• 2023/11/27 CVE-2023-40610: Apache Superset: Privilege escalation with default examples database Daniel Gaspar
• 2023/11/26 Cross Filter and Area Chart [email protected]
• 2023/09/06 CVE-2023-32672: Apache Superset: SQL parser edge case bypasses data access authorization Daniel Gaspar
• 2023/09/06 CVE-2023-37941: Apache Superset: Metadata db write access can lead to remote code execution Daniel Gaspar
• 2023/09/06 CVE-2023-39265: Apache Superset: Possible Unauthorized Registration of SQLite Database Connections Daniel Gaspar
• 2023/09/06 CVE-2023-39264: Apache Superset: Stack traces enabled by default Daniel Gaspar
• 2023/09/06 CVE-2023-36388: Apache Superset: Improper API permission for low privilege users allows for SSRF Daniel Gaspar
• 2023/09/06 CVE-2023-36387: Apache Superset: Improper API permission for low privilege users Daniel Gaspar
• 2023/08/28 Registration open for Community Over Code North America Rich Bowen
• 2023/06/16 TAC Applications for Community Over Code North America and Asia now open Gavin McDonald
• 2023/04/26 Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks Turritopsis Dohrnii Teo En Ming