VYPR
Vendor

Getredash

Products
1
CVEs
4
Across products
4
Status
Private

Products

1

Recent CVEs

4
  • CVE-2025-5874MedJun 9, 2025
    risk 0.30cvss 4.6epss 0.00

    A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is…

  • CVE-2021-41192HigNov 24, 2021
    risk 0.01cvss 8.1epss 0.08

    Redash is a package for data visualization and sharing. If an admin sets up Redash versions 10.0.0 and prior without explicitly specifying the `REDASH_COOKIE_SECRET` or `REDASH_SECRET_KEY` environment variables, a default value is used for both that is the same across all…

  • CVE-2021-43780MedNov 24, 2021
    risk 0.00cvss 6.8epss 0.01

    Redash is a package for data visualization and sharing. In versions 10.0 and priorm the implementation of URL-loading data sources like JSON, CSV, or Excel is vulnerable to advanced methods of Server Side Request Forgery (SSRF). These vulnerabilities are only exploitable on…

  • CVE-2021-43777MedNov 24, 2021
    risk 0.00cvss 6.8epss 0.00

    Redash is a package for data visualization and sharing. In Redash version 10.0 and prior, the implementation of Google Login (via OAuth) incorrectly uses the `state` parameter to pass the next URL to redirect the user to after login. The `state` parameter should be used for a…