Please email security@redash.io to report any security vulnerabilities. We will acknowledge receipt of your vulnerability and strive to send you regular updates about our progress. If you're curious about the status of your disclosure please feel free to email us again. If you want to encrypt your disclosure email, you can use this PGP key.
Security: getredash/redash
- LDAP injection in auth_ldap_user (GHSA-32fw-wc7f-7qg9), published May 18, 2024 by arikfr. Severity: Moderate
- SAML Privilege Escalation via PySAML2 (GHSA-rm5x-rgmf-qv5c), published Apr 3, 2023 by arikfr. Severity: Critical
- Server-Side Request Forgery (SSRF) in Redash (GHSA-fcpv-hgq6-87h7), published Nov 23, 2021 by arikfr. Severity: Moderate
- Insecure default configuration (GHSA-g8xr-f424-h2rv), published Nov 23, 2021 by arikfr. Severity: High
- Insecure use of state parameter for Google OAuth Login (GHSA-vhc7-w7r8-8m34), published Nov 23, 2021 by arikfr. Severity: Moderate
- Authenticated Server-Side Request Forgery (SSRF) in the JSON data source / internal addresses restriction bypass (GHSA-4599-9qr8-ccj6), published Jun 15, 2020 by arikfr. Severity: Low
Learn more about advisories related to getredash/redash in the GitHub Advisory Database