This page collects WhisperX intelligence signals tagged #apache-superset. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
Security researchers have identified a broken access control vulnerability in Apache Superset, the widely deployed open-source business intelligence platform. The flaw, classified under OWASP A01:2021, stems from API endpoints missing required @has_access permission decorators, potentially allowing unauthorized users t...
A reported vulnerability in Apache Superset reveals that several dangerous PostgreSQL functions capable of data exfiltration and side effects are absent from the application's DISALLOWED_SQL_FUNCTIONS blocklist. The flaw, classified under OWASP A03:2021 — Injection (CWE-89), could allow attackers to bypass intended que...
A critical improper authorization vulnerability has been identified in Apache Superset, the open-source data visualization platform. The flaw, which resides in the framework's FAB_ADD_SECURITY_API functionality, permits users with lower privilege levels to interact with administrative role-creation endpoints that shoul...
A critical improper authorization vulnerability has been identified in Apache Superset when the FAB_ADD_SECURITY_API configuration is enabled, allowing lower-privilege users to create roles through the API. The security flaw, tracked as a significant access control failure, affects versions from 2.0.0 up to but not inc...
A critical authorization weakness in Apache Superset enables users with SQLLab access to bypass read-only query safeguards on Postgres analytic databases. The vulnerability stems from improper validation logic that misidentifies specially crafted SQL DML statements as read-only operations, permitting their execution ag...
A critical input validation vulnerability in Apache Superset exposes affected installations to arbitrary file read attacks by authenticated users through specially crafted MariaDB connections. The flaw leverages the LOCAL_INFILE capability—a database feature disabled by default on MariaDB servers but potentially exploi...