user

CVE-2026-23984: Apache Superset: SQLLab Read-Only Bypass on PostgreSQL

Tue, 24 Feb 2026 09:46:55 GMT

2026/02/24 -- Daniel Gaspar

CVE-2026-23983: Apache Superset: Sensitive Data Exposure via REST API (disabled by default)

Tue, 24 Feb 2026 09:42:45 GMT

2026/02/24 -- Daniel Gaspar

CVE-2026-23982: Apache Superset: Improper Authorization in Dataset Creation Allows Access Control Bypass

Tue, 24 Feb 2026 09:35:50 GMT

2026/02/24 -- Daniel Gaspar

CVE-2026-23980: Apache Superset: Improper Neutralization of Special Elements used in a SQL Command

Tue, 24 Feb 2026 09:27:47 GMT

2026/02/24 -- Daniel Gaspar

CVE-2026-23969: Apache Superset: Exposure of Sensitive Information via Incomplete ClickHouse Function Filtering

Tue, 24 Feb 2026 09:23:07 GMT

2026/02/24 -- Daniel Gaspar

Consulting request

Fri, 13 Feb 2026 16:48:34 GMT

2026/02/13 -- Julien Béti

Security advisory: Insecure default ClickHouse function list

Mon, 24 Nov 2025 10:48:19 GMT

2025/11/24 -- Daniel Gaspar

Insufficient Session Expiration and Secret Key Management Guidance

Mon, 24 Nov 2025 10:12:33 GMT

2025/11/24 -- Daniel Gaspar

CVE-2025-55675: Apache Superset: Incorrect datasource authorization on REST API

Thu, 14 Aug 2025 11:44:43 GMT

2025/08/14 -- Daniel Gaspar

CVE-2025-55674: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

Thu, 14 Aug 2025 11:41:37 GMT

2025/08/14 -- Daniel Gaspar

CVE-2025-55672: Apache Superset: Store XSS on charts metadata

Thu, 14 Aug 2025 11:38:24 GMT

2025/08/14 -- Daniel Gaspar

CVE-2025-55673: Apache Superset: Metadata exposure in embedded charts

Thu, 14 Aug 2025 11:34:05 GMT

2025/08/14 -- Daniel Gaspar

Re: Include Non-metric Columns in Bar Chart Tooltip in Apache Superset

Mon, 14 Jul 2025 16:28:40 GMT

2025/07/14 -- Elizabeth Thompson

graph chart with different node icons

Sun, 29 Jun 2025 11:41:11 GMT

2025/06/29 -- u...@moosheimer.com

New Cartodiagram Map

Sun, 29 Jun 2025 11:37:35 GMT

2025/06/29 -- u...@moosheimer.com

CVE-2025-48912: Apache Superset: Improper authorization bypass on row level security via SQL Injection

Fri, 30 May 2025 09:36:30 GMT

2025/05/30 -- Daniel Gaspar

CVE-2025-27696: Apache Superset: Improper authorization leading to resource ownership takeover

Mon, 12 May 2025 14:39:56 GMT

2025/05/12 -- Daniel Gaspar

Downlod data with superset

Mon, 20 Jan 2025 07:27:30 GMT

2025/01/20 -- Andreas . Moroder

Building several charts from a single invocation of a query

Fri, 19 Jul 2024 15:51:41 GMT

2024/07/19 -- Anton Shepelev

CVE-2024-39887: Apache Superset: Improper SQL authorisation, parse not checking for specific engine functions

Tue, 16 Jul 2024 09:02:41 GMT

2024/07/16 -- Daniel Gaspar

CVE-2024-34693: Apache Superset: Server arbitrary file read

Thu, 20 Jun 2024 08:14:12 GMT

2024/06/20 -- Daniel Gaspar

CVE-2024-28148: Apache Superset: Incorrect datasource authorization on explore REST API

Tue, 07 May 2024 08:54:31 GMT

2024/05/07 -- Daniel Gaspar

Participate in the ASF 25th Anniversary Campaign

Wed, 03 Apr 2024 13:55:11 GMT

2024/04/03 -- Brian Proffitt

Community Over Code NA 2024 Travel Assistance Applications now open!

Wed, 27 Mar 2024 09:12:28 GMT

2024/03/27 -- Gavin McDonald

CVE-2024-25128: Vulnerability in custom, long deprecated OpenID (NOT OIDC) authentication method in Flask AppBuilder

Wed, 28 Feb 2024 14:08:16 GMT

2024/02/28 -- Daniel Gaspar

CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import

Wed, 28 Feb 2024 10:44:12 GMT

2024/02/28 -- Daniel Gaspar

CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset

Wed, 28 Feb 2024 10:34:26 GMT

2024/02/28 -- Daniel Gaspar

CVE-2024-24772: Apache Superset: Improper Neutralisation of custom SQL on embedded context

Wed, 28 Feb 2024 10:26:05 GMT

2024/02/28 -- Daniel Gaspar

CVE-2024-24773: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data

Wed, 28 Feb 2024 10:12:58 GMT

2024/02/28 -- Daniel Gaspar

CVE-2024-27315: Apache Superset: Improper error handling on alerts

Wed, 28 Feb 2024 10:00:36 GMT

2024/02/28 -- Daniel Gaspar

Community Over Code Asia 2024 Travel Assistance Applications now open!

Tue, 20 Feb 2024 09:24:32 GMT

2024/02/20 -- Gavin McDonald

CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)

Wed, 14 Feb 2024 11:03:12 GMT

2024/02/14 -- Daniel Gaspar

Community over Code EU 2024 Travel Assistance Applications now open!

Sat, 03 Feb 2024 08:49:44 GMT

2024/02/03 -- Gavin McDonald

[no subject]

Sat, 03 Feb 2024 08:29:46 GMT

2024/02/03 -- Gavin McDonald

Security advisory: session logout expiration

Tue, 23 Jan 2024 13:42:41 GMT

2024/01/23 -- Daniel Gaspar

CVE-2023-49657: Apache Superset: Stored XSS in Dashboard Title and Chart Title

Tue, 23 Jan 2024 13:18:17 GMT

2024/01/23 -- Daniel Gaspar

Security advisory: default SECRET_KEY in Helm Chart

Fri, 19 Jan 2024 12:44:36 GMT

2024/01/19 -- dpgas...@apache.org

CVE-2023-49734: Apache Superset: Privilege Escalation Vulnerability

Tue, 19 Dec 2023 09:44:07 GMT

2023/12/19 -- Daniel Gaspar

CVE-2023-49736: Apache Superset: SQL Injection on where_in JINJA macro

Tue, 19 Dec 2023 09:31:21 GMT

2023/12/19 -- Daniel Gaspar

CVE-2023-46104: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb

Tue, 19 Dec 2023 09:14:16 GMT

2023/12/19 -- Daniel Gaspar

CVE-2023-42504: Apache Superset: Lack of rate limiting allows for possible denial of service

Tue, 28 Nov 2023 16:39:31 GMT

2023/11/28 -- Daniel Gaspar

CVE-2023-42505: Apache Superset: Sensitive information disclosure on db connection details

Tue, 28 Nov 2023 16:20:21 GMT

2023/11/28 -- Daniel Gaspar

CVE-2023-42502: Apache Superset: Open Redirect Vulnerability

Tue, 28 Nov 2023 16:09:00 GMT

2023/11/28 -- Daniel Gaspar

CVE-2023-43701: Apache Superset: Stored XSS on API endpoint

Mon, 27 Nov 2023 09:44:37 GMT

2023/11/27 -- Daniel Gaspar

CVE-2023-42501: Apache Superset: Unnecessary read permissions within the Gamma role

Mon, 27 Nov 2023 09:40:15 GMT

2023/11/27 -- Daniel Gaspar

CVE-2023-40610: Apache Superset: Privilege escalation with default examples database

Mon, 27 Nov 2023 09:31:09 GMT

2023/11/27 -- Daniel Gaspar

Cross Filter and Area Chart

Sun, 26 Nov 2023 13:12:46 GMT

2023/11/26 -- u...@moosheimer.com

CVE-2023-32672: Apache Superset: SQL parser edge case bypasses data access authorization

Wed, 06 Sep 2023 09:46:14 GMT

2023/09/06 -- Daniel Gaspar

CVE-2023-37941: Apache Superset: Metadata db write access can lead to remote code execution

Wed, 06 Sep 2023 09:41:02 GMT

2023/09/06 -- Daniel Gaspar

CVE-2023-39265: Apache Superset: Possible Unauthorized Registration of SQLite Database Connections

Wed, 06 Sep 2023 09:34:46 GMT

2023/09/06 -- Daniel Gaspar

CVE-2023-39264: Apache Superset: Stack traces enabled by default

Wed, 06 Sep 2023 09:26:43 GMT

2023/09/06 -- Daniel Gaspar

CVE-2023-36388: Apache Superset: Improper API permission for low privilege users allows for SSRF

Wed, 06 Sep 2023 09:11:08 GMT

2023/09/06 -- Daniel Gaspar

CVE-2023-36387: Apache Superset: Improper API permission for low privilege users

Wed, 06 Sep 2023 09:06:36 GMT

2023/09/06 -- Daniel Gaspar

Registration open for Community Over Code North America

Mon, 28 Aug 2023 19:43:09 GMT

2023/08/28 -- Rich Bowen

TAC Applications for Community Over Code North America and Asia now open

Fri, 16 Jun 2023 08:55:23 GMT

2023/06/16 -- Gavin McDonald

Apache Superset Vulnerability: Insecure Default Configuration Exposes Servers to RCE Attacks

Wed, 26 Apr 2023 13:46:00 GMT

2023/04/26 -- Turritopsis Dohrnii Teo En Ming