VYPR

Redash

by Redash

Source repositories

CVEs (5)

  • CVE-2020-12725HigJun 11, 2020
    risk 0.47cvss 7.2epss 0.01

    Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP…

  • CVE-2020-36144MedMar 18, 2021
    risk 0.35cvss 5.3epss 0.01

    Redash 8.0.0 is affected by LDAP Injection. There is an information leak through the crafting of special queries, escaping the provided template since the username included in the search filter lacks sanitization.

  • CVE-2025-5874MedJun 9, 2025
    risk 0.30cvss 4.6epss 0.00

    A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is…

  • CVE-2021-43780MedNov 24, 2021
    risk 0.00cvss 6.8epss 0.01

    Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on…

  • CVE-2021-43777MedNov 24, 2021
    risk 0.00cvss 6.8epss 0.00

    Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a…