Apache Superset (Python) – Support, CVEs & Health

GHSA-299q-3p96-5898 CVSS_V3

Apache Superset Incorrect Authorization vulnerability

Published: 2024-05-07 Fixed in: 3.1.2

GHSA-2cx9-54hp-r698 CVSS_V3

Apache Superset: Error verbosity exposes metadata in analytics databases

Published: 2024-12-09 Fixed in: 4.1.0

GHSA-2q6j-vpvr-6pvj CVSS_V3

Apache Superset vulnerable to improper SQL authorization

Published: 2024-07-16 Fixed in: 4.0.2

GHSA-35fc-9hrj-3585 CVSS_V3

Apache Superset: Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled

Published: 2024-12-09 Fixed in: 4.1.0

GHSA-3hp7-4qq4-v5c6 CVSS_V3

Apache Superset Allocation of Resources Without Limits or Throttling vulnerability

Published: 2023-11-28 Fixed in: 3.0.0

GHSA-3m2g-v7jf-7fxc CVSS_V4

Apache Superset Improper Authorization allows low-privileged users to bypass access controls

Published: 2026-02-24 Fixed in: 6.0.0

GHSA-3v9r-885j-762g CVSS_V3

Apache Superset: Improper authorization validation on dashboards and charts import

Published: 2024-02-28 Fixed in: 3.0.4

GHSA-42q4-9xf9-f67x CVSS_V3

Apache Superset allowed for database connections password leak for authenticated users

Published: 2022-05-24 Fixed in: 1.3.2

GHSA-48m2-v2r8-h23m CVSS_V4

Apache Superset: Incomplete DISALLOWED_SQL_FUNCTIONS default list for ClickHouse engine

Published: 2026-02-24 Fixed in: 4.1.2

GHSA-4fg9-5w46-xmrj CVSS_V3

Apache Superset Server Side Request Forgery vulnerability

Published: 2023-09-06 No fix available

Apache Superset