apache-superset vulnerabilities

A modern, enterprise-ready business intelligence web application

latest version

5.0.0

latest non vulnerable version

first published

6 years ago

latest version published

4 months ago

licenses detected

Apache-2.0
[0,)

View apache-superset package health on Snyk Advisor (opens in a new tab)

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the apache-superset package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M SQL Injection	[,6.0.0rc1)
M Missing Authorization	[,5.0.0)
M Exposure of Sensitive System Information to an Unauthorized Control Sphere	[,4.1.3rc1)
H SQL Injection	[,4.1.2)
M Incorrect Default Permissions	[,4.1.2)
H Improper Authorization	[,4.1.0rc2)
M SQL Injection	[,4.1.0rc2)
H Improper Authorization	[2.0.0,4.1.0rc3)
L SQL Injection	[,4.0.2)
M Arbitrary File Read	[,3.1.3)[4.0.0,4.0.1)
M Incorrect Authorization	[,3.1.2)[4.0.0rc1,4.0.0rc2)
M Cross-site Scripting (XSS)	[,2.1.0)
M Improper Authorization	[,3.0.4)[3.1.0,3.1.1)
M Insertion of Sensitive Information into Log File	[,3.0.4)[3.1.0rc1,3.1.1)
M Improper Authorization	[,3.0.4)[3.1.0rc1,3.1.1)
M Incorrect Authorization	[,3.0.4)[3.1.0rc1,3.1.1)
M SQL Injection	[,3.0.4)[3.1.0rc1,3.1.1)
M Cross-site Scripting (XSS)	[,3.0.3)
M Uncontrolled Resource Consumption ('Resource Exhaustion')	[,2.1.3)[3.0.0,3.0.2)
M SQL Injection	[,2.1.3)[3.0.0,3.0.2)
H Incorrect Authorization	[,2.1.3)[3.0.0,3.0.2)
M Allocation of Resources Without Limits or Throttling	[,2.1.3)[3.0.0rc1,3.0.0)
M Incorrect Default Permissions	[,2.1.2)
M Open Redirect	[,3.0.0)
M Cross-site Scripting (XSS)	[,2.1.2)
M Incorrect Authorization	[,2.1.2)
M Information Exposure	[,3.0.0)
M Information Exposure	[,2.1.1)
M Improper Preservation of Permissions	[,2.1.1)
L Improper Input Validation	[,2.1.1)
M Deserialization of Untrusted Data	[1.5.0,2.1.1)
M Server-side Request Forgery (SSRF)	[,2.1.1)
M Incorrect Authorization	[,2.1.1)
M Incorrect Authorization	[,2.1.1)
M Access Restriction Bypass	[,2.1.1)
M Server-side Request Forgery (SSRF)	[,2.1.0)
M Information Exposure	[1.3.0,2.1.0)
H Insecure Default Initialization of Resource	[,2.1.0)
L Access Restriction Bypass	[,2.1.0)
L Open Redirect	[,1.5.3)[2.0.0,2.0.1)
M Cross-site Request Forgery (CSRF)	[,1.5.3)[2.0.0,2.0.1)
M Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	[,1.5.3)[2.0.0,2.0.1)
M Improper Access Control	[,1.5.3)[2.0.0,2.0.1)
M SQL Injection	[,1.5.3)[2.0.0,2.0.1)
M Cross-site Scripting (XSS)	[,1.5.3)[2.0.0,2.0.1)
L Cross-site Scripting (XSS)	[,1.5.3)[2.0.0,2.0.1)
M Information Exposure	[,1.5.1)
C SQL Injection	[,1.4.2)
M Insufficiently Protected Credentials	[,1.4.0)
H Improper Output Neutralization for Logs	[,1.3.2)
M Improper Output Neutralization for Logs	[,1.3.2)
M Insufficiently Protected Credentials	[,1.3.2)
M Cross-site Scripting (XSS)	[,1.2.0)
M SQL Injection	[,1.3.1)
M Open Redirect	[,1.1.0)
H Cross-site Scripting (XSS)	[,0.38.1)
M Cross-site Scripting (XSS)	[,0.36.0)
M Insecure Defaults	[,0.35.1)
M Cross-site Scripting (XSS)	[,0.34.0)
M Cross-site Scripting (XSS)	[,0.34.0)
C Arbitrary Code Execution	[,0.34.0)
M Cross-site Scripting (XSS)	[,0.34.0)
M Information Exposure	[,0.37.2)
H Remote Code Execution (RCE)	[,0.37.1)
M Information Exposure	[,0.34.0)
M Information Exposure	[,0.34.0)
M Information Exposure	[0.34.0,0.35.2)

Package versions

75 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
6.0.0rc2	22 Sep, 2025	0 C 0 H 0 M 0 L
6.0.0rc1	18 Aug, 2025	0 C 0 H 0 M 0 L
5.0.0	23 Jun, 2025	0 C 0 H 1 M 0 L
5.0.0rc4	18 Jun, 2025	0 C 0 H 2 M 0 L
5.0.0rc3	29 May, 2025	0 C 0 H 2 M 0 L
5.0.0rc2	1 Apr, 2025	0 C 0 H 2 M 0 L
5.0.0rc1	4 Feb, 2025	0 C 0 H 2 M 0 L
4.1.4	28 Aug, 2025	0 C 0 H 2 M 0 L
4.1.4rc1	23 Aug, 2025	0 C 0 H 2 M 0 L
4.1.3.post1	17 Jul, 2025	0 C 0 H 2 M 0 L