Browse all 3 CVE security advisories affecting getredash. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Getredash is an open-source data visualization and dashboarding platform enabling users to query and visualize data from multiple sources. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. The platform's extensibility through plugins and integrations introduces additional attack surfaces. While no major public security incidents have been widely documented, the three recorded CVEs highlight ongoing security concerns, particularly around unauthorized access and code execution risks. Organizations should implement strict access controls and regular security assessments when deploying getredash in production environments.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2021-43780 | Server-Side Request Forgery (SSRF) in Redash | redash | CWE-918 | 6.8 | Medium | 2021-11-23 |
| CVE-2021-41192 | Insecure default configuration | redash | CWE-1188 | 8.1 | High | 2021-11-23 |
| CVE-2021-43777 | Vulnerability in Redash OAuth2 flows due to misuse of state field (should be a nonce) | redash | CWE-352 | 6.8 | Medium | 2021-11-23 |
This page lists every published CVE security advisory associated with getredash. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.