Carview!

VEHICLES
BRAND
- JAPANESE CARS
  - DAIHATSU
  - EUNOS
  - FORD
  - HONDA
  - ISUZU
  - LEXUS
  - MAZDA
  - MITSUBISHI
  - MITSUOKA
  - NISSAN
  - SUBARU
  - SUZUKI
  - TOYOTA
- GERMAN CARS
- AMERICAN CARS
- BRITISH CARS
- ITALIAN CARS
- FRENCH CARS
- SWEDISH CARS
- KOREAN CARS
TYPE
- mobility
- VENDING
- instruction
- TAXIS
- AMBULANCES
- FIRE ENGINES
- HEARSES
- LIMOUSINES
- COMMERCIAL
CLASS
FUEL
TRUCKS
minitrucks
- DAIHATSU
- HONDA
- MAZDA
- MITSUBISHI
- NISSAN
- SUBARU
- SUZUKI
- DUMP
- CRANE
- CAMPER
- REFRIGERATED
- 4WD
- NEW
BUSES
MOTORHOMES
- YAHOO!
- RAKUTEN
- DEALER

CVE	Title	Affected
CVE-2025-55673	Exposure of Sensitive Information to an Unauthorized Actor	< 5.0.0
CVE-2025-55674	Improper Neutralization of Special Elements used in an SQL Command	< 5.0.0
CVE-2025-55675	Improper Access Control leading to Information Disclosure	< 5.0.0

CVE	Title	Affected
CVE-2025-27696	Improper authorization leading to resource ownership takeover	< 4.1.2
CVE-2025-48912	Improper authorization bypass on row level security via SQL Injection	< 4.1.2

CVE	Title	Affected
CVE-2024-53947	Improper SQL authorisation, parse for specific postgres functions	< 4.1.0
CVE-2024-53948	Error verbosity exposes metadata in analytics databases	< 4.1.0
CVE-2024-53949	Lower privilege users are able to create Role when FAB_ADD_SECURITY_API is enabled	< 4.1.0
CVE-2024-55633	SQLLab Improper readonly query validation allows unauthorized write access	< 4.1.0

CVE	Title	Affected
CVE-2024-27315	Improper error handling on alerts	< 3.0.4, >= 3.1.0, < 3.1.1
CVE-2024-24773	Improper validation of SQL statements allows for unauthorized access to data	< 3.0.4, >= 3.1.0, < 3.1.1
CVE-2024-24772	Improper Neutralisation of custom SQL on embedded context	< 3.0.4, >= 3.1.0, < 3.1.1
CVE-2024-24779	Improper data authorization when creating a new dataset	< 3.0.4, >= 3.1.0, < 3.1.1
CVE-2024-26016	Improper authorization validation on dashboards and charts import	< 3.0.4, >= 3.1.0, < 3.1.1

CVE	Title	Affected
CVE-2023-46104	Allows for uncontrolled resource consumption via a ZIP bomb	< 2.1.3, >= 3.0.0, < 3.0.2
CVE-2023-49736	SQL Injection on where_in JINJA macro	< 2.1.3, >= 3.0.0, < 3.0.2
CVE-2023-49734	Privilege Escalation Vulnerability	< 2.1.3, >= 3.0.0, < 3.0.2

CVEs fixed by release

Version 5.0.0

Version 4.1.3

Version 4.1.2

Version 4.1.0

Version 4.0.2

Version 3.1.3, 4.0.1

Version 3.1.2

Version 3.0.4, 3.1.1

Version 3.0.3

Version 3.0.2, 2.1.3

Version 3.0.0

Version 2.1.3

Version 2.1.2

Version 2.1.1

Version 2.1.0

Version 2.0.1

CVE	Title	Affected
CVE-2023-42502	Open Redirect Vulnerability	< 3.0.0
CVE-2023-42505	Sensitive information disclosure on db connection details	< 3.0.0

CVE	Title	Affected
CVE-2023-40610	Privilege escalation with default examples database	< 2.1.2
CVE-2023-42501	Unnecessary read permissions within the Gamma role	< 2.1.2
CVE-2023-43701	Stored XSS on API endpoint	< 2.1.2

CVE	Title	Affected
CVE-2023-36387	Improper API permission for low privilege users	< 2.1.1
CVE-2023-36388	Improper API permission for low privilege users allows for SSRF	< 2.1.1
CVE-2023-27523	Improper data permission validation on Jinja templated queries	< 2.1.1
CVE-2023-27526	Improper Authorization check on import charts	< 2.1.1
CVE-2023-39264	Stack traces enabled by default	< 2.1.1
CVE-2023-39265	Possible Unauthorized Registration of SQLite Database Connections	< 2.1.1
CVE-2023-37941	Metadata db write access can lead to remote code execution	< 2.1.1
CVE-2023-32672	SQL parser edge case bypasses data access authorization	< 2.1.1

CVE	Title	Affected
CVE-2023-25504	Possible SSRF on import datasets	< 2.1.0
CVE-2023-27524	Session validation vulnerability when using provided default SECRET_KEY	< 2.1.0
CVE-2023-27525	Incorrect default permissions for Gamma role	< 2.1.0
CVE-2023-30776	Database connection password leak	< 2.1.0

CVE	Title	Affected
CVE-2022-41703	SQL injection vulnerability in adhoc clauses	< 2.0.1 or < 1.5.2
CVE-2022-43717	Cross-Site Scripting on dashboards	< 2.0.1 or < 1.5.2
CVE-2022-43718	Cross-Site Scripting vulnerability on upload forms	< 2.0.1 or < 1.5.2
CVE-2022-43719	Cross Site Request Forgery (CSRF) on accept, request access	< 2.0.1 or < 1.5.2
CVE-2022-43720	Improper rendering of user input	< 2.0.1 or < 1.5.2
CVE-2022-43721	Open Redirect Vulnerability	< 2.0.1 or < 1.5.2
CVE-2022-45438	Dashboard metadata information leak	< 2.0.1 or < 1.5.2

Version 5.0.0​

Version 4.1.3​

Version 4.1.2​

Version 4.1.0​

Version 4.0.2​

Version 3.1.3, 4.0.1​

Version 3.1.2​

Version 3.0.4, 3.1.1​

Version 3.0.3​

Version 3.0.2, 2.1.3​

Version 3.0.0​

Version 2.1.3​

Version 2.1.2​

Version 2.1.1​

Version 2.1.0​

Version 2.0.1​

Version 5.0.0

Version 4.1.3

Version 4.1.2

Version 4.1.0

Version 4.0.2

Version 3.1.3, 4.0.1

Version 3.1.2

Version 3.0.4, 3.1.1

Version 3.0.3

Version 3.0.2, 2.1.3

Version 3.0.0

Version 2.1.3

Version 2.1.2

Version 2.1.1

Version 2.1.0

Version 2.0.1