Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/16550?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/16550?format=api", "purl": "pkg:pypi/apache-airflow@1.10.10rc2", "type": "pypi", "namespace": "", "name": "apache-airflow", "version": "1.10.10rc2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.0", "latest_non_vulnerable_version": "3.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8944?format=api", "vulnerability_id": "VCID-1963-1kyn-2ban", "summary": "We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47037" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad" }, { "reference_url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef" }, { "reference_url": "https://github.com/apache/airflow/pull/33413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33413" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml" }, { "reference_url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037", "reference_id": "CVE-2023-47037", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037" }, { "reference_url": "https://github.com/advisories/GHSA-hm9r-7f84-25c9", "reference_id": "GHSA-hm9r-7f84-25c9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hm9r-7f84-25c9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30900?format=api", "purl": "pkg:pypi/apache-airflow@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3" } ], "aliases": [ "CVE-2023-47037", "GHSA-hm9r-7f84-25c9", "PYSEC-2023-232" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1963-1kyn-2ban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8725?format=api", "vulnerability_id": "VCID-1azm-hsvr-f3e8", "summary": "Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03621", "scoring_system": "epss", "scoring_elements": "0.87999", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25693" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/29500", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/29500" }, { "reference_url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25693", "reference_id": "CVE-2023-25693", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25693" }, { "reference_url": "https://github.com/advisories/GHSA-j69x-v4wc-3fpf", "reference_id": "GHSA-j69x-v4wc-3fpf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j69x-v4wc-3fpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30991?format=api", "purl": "pkg:pypi/apache-airflow@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4fjp-pn9s-tyhz" }, { "vulnerability": "VCID-9x6r-5m59-yyap" }, { "vulnerability": "VCID-bv7f-s53t-uqe4" }, { "vulnerability": "VCID-g8pv-cam5-d7dj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kmz1-dm9f-d7hj" }, { "vulnerability": "VCID-m3ff-jty5-3uhw" }, { "vulnerability": "VCID-nrc9-bdc2-dfes" }, { "vulnerability": "VCID-nrgz-jdnp-kyet" }, { "vulnerability": "VCID-pvh4-3wng-ekdq" }, { "vulnerability": "VCID-tj2m-5j3f-5ueq" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vwv4-7y7y-9fcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1" } ], "aliases": [ "CVE-2023-25693", "GHSA-j69x-v4wc-3fpf", "PYSEC-2023-314" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1azm-hsvr-f3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8821?format=api", "vulnerability_id": "VCID-1ptn-xvsy-d3hu", "summary": "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74434", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36543" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315" }, { "reference_url": "https://github.com/apache/airflow/pull/32060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32060" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml" }, { "reference_url": "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36543", "reference_id": "CVE-2023-36543", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36543" }, { "reference_url": "https://github.com/advisories/GHSA-3h4m-m55v-gx4m", "reference_id": "GHSA-3h4m-m55v-gx4m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3h4m-m55v-gx4m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-36543", "GHSA-3h4m-m55v-gx4m", "PYSEC-2023-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ptn-xvsy-d3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8862?format=api", "vulnerability_id": "VCID-2q7x-bua5-37h7", "summary": "The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51144", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40273" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6" }, { "reference_url": "https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b" }, { "reference_url": "https://github.com/apache/airflow/pull/33347", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/33347" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml" }, { "reference_url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/08/23/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://www.openwall.com/lists/oss-security/2023/08/23/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40273", "reference_id": "CVE-2023-40273", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40273" }, { "reference_url": "https://github.com/advisories/GHSA-pm87-24wq-r8w9", "reference_id": "GHSA-pm87-24wq-r8w9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pm87-24wq-r8w9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30892?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/30894?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1" } ], "aliases": [ "CVE-2023-40273", "GHSA-pm87-24wq-r8w9", "PYSEC-2023-158" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2q7x-bua5-37h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7952?format=api", "vulnerability_id": "VCID-2xpf-ut63-tbcx", "summary": "In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17227", "scoring_system": "epss", "scoring_elements": "0.95139", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13944" }, { "reference_url": "https://github.com/advisories/GHSA-4pwq-fj89-6rjc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4pwq-fj89-6rjc" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/11/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/12/11/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/01/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/05/01/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17086?format=api", "purl": "pkg:pypi/apache-airflow@1.10.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.12" } ], "aliases": [ "CVE-2020-13944", "GHSA-4pwq-fj89-6rjc", "PYSEC-2020-19" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xpf-ut63-tbcx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8127?format=api", "vulnerability_id": "VCID-37nw-x186-puds", "summary": "If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35936", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01895", "scoring_system": "epss", "scoring_elements": "0.83527", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35936" }, { "reference_url": "https://github.com/advisories/GHSA-m6h2-jx9v-58w6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m6h2-jx9v-58w6" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351" }, { "reference_url": "https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8" }, { "reference_url": "https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63" }, { "reference_url": "https://github.com/apache/airflow/compare/2.1.1...2.1.2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/compare/2.1.1...2.1.2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35936", "reference_id": "CVE-2021-35936", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35936" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/22086?format=api", "purl": "pkg:pypi/apache-airflow@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-kjw8-c6cn-3kee" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.2" } ], "aliases": [ "CVE-2021-35936", "GHSA-m6h2-jx9v-58w6", "PYSEC-2021-122" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37nw-x186-puds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8738?format=api", "vulnerability_id": "VCID-4693-xwwu-7uem", "summary": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01026", "scoring_system": "epss", "scoring_elements": "0.7759", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25695" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951" }, { "reference_url": "https://github.com/apache/airflow/pull/29501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/29501" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml" }, { "reference_url": "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25695", "reference_id": "CVE-2023-25695", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25695" }, { "reference_url": "https://github.com/advisories/GHSA-h6g5-wqqr-3mw3", "reference_id": "GHSA-h6g5-wqqr-3mw3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h6g5-wqqr-3mw3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30868?format=api", "purl": "pkg:pypi/apache-airflow@2.5.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30870?format=api", "purl": "pkg:pypi/apache-airflow@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2" } ], "aliases": [ "CVE-2023-25695", "GHSA-h6g5-wqqr-3mw3", "PYSEC-2023-2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4693-xwwu-7uem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8771?format=api", "vulnerability_id": "VCID-4btd-59ga-1yd4", "summary": "Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00524", "scoring_system": "epss", "scoring_elements": "0.67272", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29247" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75" }, { "reference_url": "https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e" }, { "reference_url": "https://github.com/apache/airflow/pull/30447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/30447" }, { "reference_url": "https://github.com/apache/airflow/pull/30779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/30779" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml" }, { "reference_url": "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29247", "reference_id": "CVE-2023-29247", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29247" }, { "reference_url": "https://github.com/advisories/GHSA-vcf6-3wv2-5vcr", "reference_id": "GHSA-vcf6-3wv2-5vcr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vcf6-3wv2-5vcr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-29247", "GHSA-vcf6-3wv2-5vcr", "PYSEC-2023-60" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4btd-59ga-1yd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9035?format=api", "vulnerability_id": "VCID-4u8d-ezsr-sqcz", "summary": "Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44037", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50943" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462" }, { "reference_url": "https://github.com/apache/airflow/pull/36255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/36255" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml" }, { "reference_url": "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/24/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50943", "reference_id": "CVE-2023-50943", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50943" }, { "reference_url": "https://github.com/advisories/GHSA-c3c6-f2ww-xfr2", "reference_id": "GHSA-c3c6-f2ww-xfr2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c3c6-f2ww-xfr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30907?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30908?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1" } ], "aliases": [ "CVE-2023-50943", "GHSA-c3c6-f2ww-xfr2", "PYSEC-2024-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u8d-ezsr-sqcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8020?format=api", "vulnerability_id": "VCID-5j9w-1tng-k3ac", "summary": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02135", "scoring_system": "epss", "scoring_elements": "0.84475", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17513" }, { "reference_url": "https://github.com/advisories/GHSA-6r3p-fcvm-xh7c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r3p-fcvm-xh7c" }, { "reference_url": "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18075?format=api", "purl": "pkg:pypi/apache-airflow@1.10.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13" } ], "aliases": [ "CVE-2020-17513", "GHSA-6r3p-fcvm-xh7c", "PYSEC-2020-20" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5j9w-1tng-k3ac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8853?format=api", "vulnerability_id": "VCID-5ph5-s3qc-guf4", "summary": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.\n\nApache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.\nThis issue affects Apache Airflow Drill Provider: before 2.4.3.\nIt is recommended to upgrade to a version that is not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02101", "scoring_system": "epss", "scoring_elements": "0.84348", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39553" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110" }, { "reference_url": "https://github.com/apache/airflow/pull/33074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33074" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml" }, { "reference_url": "https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/08/11/1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2023/08/11/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/08/11/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2023/08/11/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39553", "reference_id": "CVE-2023-39553", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39553" }, { "reference_url": "https://github.com/advisories/GHSA-mq4v-6vg4-796c", "reference_id": "GHSA-mq4v-6vg4-796c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mq4v-6vg4-796c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28564?format=api", "purl": "pkg:pypi/apache-airflow@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3" } ], "aliases": [ "CVE-2023-39553", "GHSA-mq4v-6vg4-796c", "PYSEC-2023-136" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ph5-s3qc-guf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7927?format=api", "vulnerability_id": "VCID-5qe8-jdbh-x7b4", "summary": "An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61674", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11983" }, { "reference_url": "https://github.com/advisories/GHSA-q4p3-qw5c-mhpc", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4p3-qw5c-mhpc" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-17.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-17.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11983", "reference_id": "CVE-2020-11983", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11983" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16555?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-krjr-ctw4-r3d3" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17081?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "CVE-2020-11983", "GHSA-q4p3-qw5c-mhpc", "PYSEC-2020-17" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5qe8-jdbh-x7b4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8596?format=api", "vulnerability_id": "VCID-5ufe-1rrj-rkgp", "summary": "A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01636", "scoring_system": "epss", "scoring_elements": "0.82237", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27949" }, { "reference_url": "https://github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a" }, { "reference_url": "https://github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443" }, { "reference_url": "https://github.com/apache/airflow/pull/22754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/22754" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42981.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42981.yaml" }, { "reference_url": "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/14/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2022/11/14/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27949", "reference_id": "CVE-2022-27949", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27949" }, { "reference_url": "https://github.com/advisories/GHSA-fvw2-2pf7-77vw", "reference_id": "GHSA-fvw2-2pf7-77vw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fvw2-2pf7-77vw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27884?format=api", "purl": "pkg:pypi/apache-airflow@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-fut9-4dat-qbfy" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k7ea-m9cw-w3fz" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-swav-nrrn-wbcs" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.1" } ], "aliases": [ "CVE-2022-27949", "GHSA-fvw2-2pf7-77vw", "PYSEC-2022-42981" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ufe-1rrj-rkgp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8325?format=api", "vulnerability_id": "VCID-6hxm-nnhg-buex", "summary": "In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89825", "scoring_system": "epss", "scoring_elements": "0.99587", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24288" }, { "reference_url": "https://github.com/advisories/GHSA-3v7g-4pg3-7r6j", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v7g-4pg3-7r6j" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml" }, { "reference_url": "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24288", "reference_id": "CVE-2022-24288", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24288" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25526?format=api", "purl": "pkg:pypi/apache-airflow@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-fut9-4dat-qbfy" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4" } ], "aliases": [ "CVE-2022-24288", "GHSA-3v7g-4pg3-7r6j", "PYSEC-2022-30" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6hxm-nnhg-buex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8820?format=api", "vulnerability_id": "VCID-7z8j-8f4d-53dm", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37541", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46651" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8" }, { "reference_url": "https://github.com/apache/airflow/pull/32309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32309" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml" }, { "reference_url": "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46651", "reference_id": "CVE-2022-46651", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46651" }, { "reference_url": "https://github.com/advisories/GHSA-xvw9-3mhm-xjqq", "reference_id": "GHSA-xvw9-3mhm-xjqq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xvw9-3mhm-xjqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2022-46651", "GHSA-xvw9-3mhm-xjqq", "PYSEC-2023-103" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7z8j-8f4d-53dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9036?format=api", "vulnerability_id": "VCID-82p8-yujf-hkdd", "summary": "Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34758", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50944" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1" }, { "reference_url": "https://github.com/apache/airflow/pull/36257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/36257" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml" }, { "reference_url": "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/24/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50944", "reference_id": "CVE-2023-50944", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50944" }, { "reference_url": "https://github.com/advisories/GHSA-vm5m-qmrx-fw8w", "reference_id": "GHSA-vm5m-qmrx-fw8w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm5m-qmrx-fw8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30907?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30908?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1" } ], "aliases": [ "CVE-2023-50944", "GHSA-vm5m-qmrx-fw8w", "PYSEC-2024-14" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82p8-yujf-hkdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9192?format=api", "vulnerability_id": "VCID-8m3p-yzr8-yyhj", "summary": "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75225", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41937" }, { "reference_url": "https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98" }, { "reference_url": "https://github.com/apache/airflow/pull/40933", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://github.com/apache/airflow/pull/40933" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml" }, { "reference_url": "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/08/21/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2024/08/21/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41937", "reference_id": "CVE-2024-41937", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41937" }, { "reference_url": "https://github.com/advisories/GHSA-w7cp-g8v7-r54m", "reference_id": "GHSA-w7cp-g8v7-r54m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7cp-g8v7-r54m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30933?format=api", "purl": "pkg:pypi/apache-airflow@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-s7es-yfst-8kce" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.0" } ], "aliases": [ "CVE-2024-41937", "GHSA-w7cp-g8v7-r54m", "PYSEC-2024-181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8m3p-yzr8-yyhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8881?format=api", "vulnerability_id": "VCID-8npr-rvfd-jkfj", "summary": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31182", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40611" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad" }, { "reference_url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef" }, { "reference_url": "https://github.com/apache/airflow/pull/33413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33413" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml" }, { "reference_url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40611", "reference_id": "CVE-2023-40611", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40611" }, { "reference_url": "https://github.com/advisories/GHSA-wpg8-mf6h-gm92", "reference_id": "GHSA-wpg8-mf6h-gm92", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wpg8-mf6h-gm92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30896?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1" } ], "aliases": [ "CVE-2023-40611", "GHSA-wpg8-mf6h-gm92", "PYSEC-2023-170" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8npr-rvfd-jkfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8909?format=api", "vulnerability_id": "VCID-8ykk-1kak-6bfd", "summary": "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32066", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42780" }, { "reference_url": "https://github.com/apache/airflow/pull/34355", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/34355" }, { "reference_url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42780", "reference_id": "CVE-2023-42780", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42780" }, { "reference_url": "https://github.com/advisories/GHSA-cgx2-rrmr-jx43", "reference_id": "GHSA-cgx2-rrmr-jx43", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cgx2-rrmr-jx43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30898?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "CVE-2023-42780", "GHSA-cgx2-rrmr-jx43", "PYSEC-2023-202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ykk-1kak-6bfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8022?format=api", "vulnerability_id": "VCID-9f34-2r5y-sydz", "summary": "Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91349", "scoring_system": "epss", "scoring_elements": "0.99674", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17526" }, { "reference_url": "https://github.com/advisories/GHSA-7mx5-x372-xh87", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7mx5-x372-xh87" }, { "reference_url": "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/12/21/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18139?format=api", "purl": "pkg:pypi/apache-airflow@1.10.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.14" } ], "aliases": [ "CVE-2020-17526", "GHSA-7mx5-x372-xh87", "PYSEC-2020-22" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9f34-2r5y-sydz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9081?format=api", "vulnerability_id": "VCID-arbk-dryb-qkda", "summary": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45465", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26280" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa" }, { "reference_url": "https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99" }, { "reference_url": "https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e" }, { "reference_url": "https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d" }, { "reference_url": "https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f" }, { "reference_url": "https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c" }, { "reference_url": "https://github.com/apache/airflow/pull/37501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/37501" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml" }, { "reference_url": "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/01/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/03/01/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26280", "reference_id": "CVE-2024-26280", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26280" }, { "reference_url": "https://github.com/advisories/GHSA-6xwf-xvf3-v459", "reference_id": "GHSA-6xwf-xvf3-v459", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xwf-xvf3-v459" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30912?format=api", "purl": "pkg:pypi/apache-airflow@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-974g-7wsa-dqd7" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2" } ], "aliases": [ "CVE-2024-26280", "GHSA-6xwf-xvf3-v459", "PYSEC-2024-42" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arbk-dryb-qkda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9500?format=api", "vulnerability_id": "VCID-bn9u-brjp-yudy", "summary": "Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\n\n\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf you used Edge Provider in Airflow 3, you are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5741", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67895" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/59143", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/59143" }, { "reference_url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/12/16/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2025/12/16/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67895", "reference_id": "CVE-2025-67895", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67895" }, { "reference_url": "https://github.com/advisories/GHSA-66h8-3g48-6hx8", "reference_id": "GHSA-66h8-3g48-6hx8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66h8-3g48-6hx8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18713?format=api", "purl": "pkg:pypi/apache-airflow@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-kjw8-c6cn-3kee" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0" } ], "aliases": [ "CVE-2025-67895", "GHSA-66h8-3g48-6hx8", "PYSEC-2025-87" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bn9u-brjp-yudy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8543?format=api", "vulnerability_id": "VCID-ctd9-hxfn-8fcs", "summary": "In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.56923", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41672" }, { "reference_url": "https://github.com/apache/airflow/commit/12bfb571a895a28a58d3189b0fc10cfc1b89e24c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/12bfb571a895a28a58d3189b0fc10cfc1b89e24c" }, { "reference_url": "https://github.com/apache/airflow/pull/26635", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/26635" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42983.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42983.yaml" }, { "reference_url": "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41672", "reference_id": "CVE-2022-41672", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41672" }, { "reference_url": "https://github.com/advisories/GHSA-3q8r-f3pj-3gc4", "reference_id": "GHSA-3q8r-f3pj-3gc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3q8r-f3pj-3gc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28240?format=api", "purl": "pkg:pypi/apache-airflow@2.4.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28242?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1" } ], "aliases": [ "CVE-2022-41672", "GHSA-3q8r-f3pj-3gc4", "PYSEC-2022-42983" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ctd9-hxfn-8fcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8823?format=api", "vulnerability_id": "VCID-d3kc-fn21-xqar", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70855", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22887" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02" }, { "reference_url": "https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3" }, { "reference_url": "https://github.com/apache/airflow/pull/32293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32293" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml" }, { "reference_url": "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22887", "reference_id": "CVE-2023-22887", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22887" }, { "reference_url": "https://github.com/advisories/GHSA-ggwr-4vr8-g7wv", "reference_id": "GHSA-ggwr-4vr8-g7wv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggwr-4vr8-g7wv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-22887", "GHSA-ggwr-4vr8-g7wv", "PYSEC-2023-104" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3kc-fn21-xqar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8824?format=api", "vulnerability_id": "VCID-dk1y-938p-k3bv", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35419", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22888" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02" }, { "reference_url": "https://github.com/apache/airflow/pull/32293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32293" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml" }, { "reference_url": "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22888", "reference_id": "CVE-2023-22888", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22888" }, { "reference_url": "https://github.com/advisories/GHSA-5946-8p38-vffp", "reference_id": "GHSA-5946-8p38-vffp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5946-8p38-vffp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-22888", "GHSA-5946-8p38-vffp", "PYSEC-2023-105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk1y-938p-k3bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7924?format=api", "vulnerability_id": "VCID-dp6s-jdma-a7cc", "summary": "An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02134", "scoring_system": "epss", "scoring_elements": "0.84471", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9485" }, { "reference_url": "https://github.com/advisories/GHSA-j38c-25fj-mr84", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j38c-25fj-mr84" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-23.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-23.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9485", "reference_id": "CVE-2020-9485", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9485" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16555?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-krjr-ctw4-r3d3" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17081?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "CVE-2020-9485", "GHSA-j38c-25fj-mr84", "PYSEC-2020-23" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dp6s-jdma-a7cc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8598?format=api", "vulnerability_id": "VCID-e19b-adrm-x7fu", "summary": "In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04787", "scoring_system": "epss", "scoring_elements": "0.89642", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45402" }, { "reference_url": "https://github.com/apache/airflow/commit/f0f67e8bc9dcb9444cfc5b88ee075191785469b7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f0f67e8bc9dcb9444cfc5b88ee075191785469b7" }, { "reference_url": "https://github.com/apache/airflow/pull/27576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/27576" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42984.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42984.yaml" }, { "reference_url": "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/15/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45402", "reference_id": "CVE-2022-45402", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45402" }, { "reference_url": "https://github.com/advisories/GHSA-rg94-84xj-7gq3", "reference_id": "GHSA-rg94-84xj-7gq3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg94-84xj-7gq3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28564?format=api", "purl": "pkg:pypi/apache-airflow@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3" } ], "aliases": [ "CVE-2022-45402", "GHSA-rg94-84xj-7gq3", "PYSEC-2022-42984" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e19b-adrm-x7fu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8943?format=api", "vulnerability_id": "VCID-fctg-457f-4uae", "summary": "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17222", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42781" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3" }, { "reference_url": "https://github.com/apache/airflow/pull/34939", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/34939" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml" }, { "reference_url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42781", "reference_id": "CVE-2023-42781", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42781" }, { "reference_url": "https://github.com/advisories/GHSA-r7x6-xfcm-3mxv", "reference_id": "GHSA-r7x6-xfcm-3mxv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r7x6-xfcm-3mxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30900?format=api", "purl": "pkg:pypi/apache-airflow@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3" } ], "aliases": [ "CVE-2023-42781", "GHSA-r7x6-xfcm-3mxv", "PYSEC-2023-231" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fctg-457f-4uae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8595?format=api", "vulnerability_id": "VCID-fnsx-gtgn-27dr", "summary": "A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93305", "scoring_system": "epss", "scoring_elements": "0.99816", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40127" }, { "reference_url": "https://github.com/apache/airflow/commit/372e699c2d1e11f7087b5340454d0a0a6a56fbf5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/372e699c2d1e11f7087b5340454d0a0a6a56fbf5" }, { "reference_url": "https://github.com/apache/airflow/pull/25960", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/25960" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42982.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42982.yaml" }, { "reference_url": "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/14/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2022/11/14/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40127", "reference_id": "CVE-2022-40127", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40127" }, { "reference_url": "https://github.com/advisories/GHSA-6pw3-8h9w-32gc", "reference_id": "GHSA-6pw3-8h9w-32gc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pw3-8h9w-32gc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28239?format=api", "purl": "pkg:pypi/apache-airflow@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.0" } ], "aliases": [ "CVE-2022-40127", "GHSA-6pw3-8h9w-32gc", "PYSEC-2022-42982" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fnsx-gtgn-27dr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8326?format=api", "vulnerability_id": "VCID-gbgf-jfzt-tqg1", "summary": "It was discovered that the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01561", "scoring_system": "epss", "scoring_elements": "0.81789", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45229" }, { "reference_url": "https://github.com/advisories/GHSA-65xw-pcqw-hjrh", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65xw-pcqw-hjrh" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml" }, { "reference_url": "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45229", "reference_id": "CVE-2021-45229", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45229" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/25525?format=api", "purl": "pkg:pypi/apache-airflow@2.2.4rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4rc1" } ], "aliases": [ "CVE-2021-45229", "GHSA-65xw-pcqw-hjrh", "PYSEC-2022-29" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbgf-jfzt-tqg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8751?format=api", "vulnerability_id": "VCID-gg94-fdbv-y7g1", "summary": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00964", "scoring_system": "epss", "scoring_elements": "0.76854", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28707" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3" }, { "reference_url": "https://github.com/apache/airflow/pull/30215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/30215" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml" }, { "reference_url": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/04/07/1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2023/04/07/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28707", "reference_id": "CVE-2023-28707", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28707" }, { "reference_url": "https://github.com/advisories/GHSA-85pf-r4c7-3j9r", "reference_id": "GHSA-85pf-r4c7-3j9r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-85pf-r4c7-3j9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27887?format=api", "purl": "pkg:pypi/apache-airflow@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-fut9-4dat-qbfy" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k7ea-m9cw-w3fz" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-swav-nrrn-wbcs" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.2" } ], "aliases": [ "CVE-2023-28707", "GHSA-85pf-r4c7-3j9r", "PYSEC-2023-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gg94-fdbv-y7g1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8087?format=api", "vulnerability_id": "VCID-gt7b-5554-y7dq", "summary": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02558", "scoring_system": "epss", "scoring_elements": "0.85766", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28359" }, { "reference_url": "https://github.com/advisories/GHSA-3xxv-p78r-4fc6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3xxv-p78r-4fc6" }, { "reference_url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18706?format=api", "purl": "pkg:pypi/apache-airflow@1.10.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/20423?format=api", "purl": "pkg:pypi/apache-airflow@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-kjw8-c6cn-3kee" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2" } ], "aliases": [ "CVE-2021-28359", "GHSA-3xxv-p78r-4fc6", "PYSEC-2021-4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gt7b-5554-y7dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8908?format=api", "vulnerability_id": "VCID-hgq2-kuex-y3a3", "summary": "Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61013", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42663" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/34315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/34315" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml" }, { "reference_url": "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42663", "reference_id": "CVE-2023-42663", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42663" }, { "reference_url": "https://github.com/advisories/GHSA-32wr-qqw6-5mfp", "reference_id": "GHSA-32wr-qqw6-5mfp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-32wr-qqw6-5mfp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30898?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "CVE-2023-42663", "GHSA-32wr-qqw6-5mfp", "PYSEC-2023-197" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgq2-kuex-y3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9153?format=api", "vulnerability_id": "VCID-hpf3-3z3m-6ydt", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27723", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25142" }, { "reference_url": "https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3" }, { "reference_url": "https://github.com/apache/airflow/pull/39550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/39550" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml" }, { "reference_url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/13/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/13/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25142", "reference_id": "CVE-2024-25142", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25142" }, { "reference_url": "https://github.com/advisories/GHSA-9xpj-62mm-24h2", "reference_id": "GHSA-9xpj-62mm-24h2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xpj-62mm-24h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30927?format=api", "purl": "pkg:pypi/apache-airflow@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2" } ], "aliases": [ "CVE-2024-25142", "GHSA-9xpj-62mm-24h2", "PYSEC-2024-195" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpf3-3z3m-6ydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9628?format=api", "vulnerability_id": "VCID-j6uh-kx6m-sydp", "summary": "Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16117", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25917" }, { "reference_url": "https://github.com/apache/airflow/pull/61641", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/61641" }, { "reference_url": "https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/17/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/17/9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48415?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "aliases": [ "CVE-2026-25917", "PYSEC-2026-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6uh-kx6m-sydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8252?format=api", "vulnerability_id": "VCID-jrwf-mt69-1ydt", "summary": "In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has \"can_create\" permissions on DAG Runs can create Dag Runs for dags that they don't have \"edit\" permissions for.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.83045", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45230" }, { "reference_url": "https://github.com/advisories/GHSA-4jh2-3c85-q67h", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jh2-3c85-q67h" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-11.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-11.yaml" }, { "reference_url": "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45230", "reference_id": "CVE-2021-45230", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45230" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18707?format=api", "purl": "pkg:pypi/apache-airflow@2.0.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/25171?format=api", "purl": "pkg:pypi/apache-airflow@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.0" } ], "aliases": [ "CVE-2021-45230", "GHSA-4jh2-3c85-q67h", "PYSEC-2022-11" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrwf-mt69-1ydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9269?format=api", "vulnerability_id": "VCID-kb4a-mm13-63bj", "summary": "Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01059", "scoring_system": "epss", "scoring_elements": "0.77938", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45784" }, { "reference_url": "https://github.com/apache/airflow/pull/43040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/43040" }, { "reference_url": "https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/11/15/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/11/15/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30940?format=api", "purl": "pkg:pypi/apache-airflow@2.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3" } ], "aliases": [ "CVE-2024-45784", "PYSEC-2024-182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb4a-mm13-63bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8772?format=api", "vulnerability_id": "VCID-kgfb-yphg-n3ec", "summary": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66216", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473" }, { "reference_url": "https://github.com/apache/airflow/pull/29506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/29506" }, { "reference_url": "https://github.com/apache/airflow/releases/tag/2.6.0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/releases/tag/2.6.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml" }, { "reference_url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/05/08/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2023/05/08/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754", "reference_id": "CVE-2023-25754", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754" }, { "reference_url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp", "reference_id": "GHSA-jchm-fm4q-c2fp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30874?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-25754", "GHSA-jchm-fm4q-c2fp", "PYSEC-2023-59" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgfb-yphg-n3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7999?format=api", "vulnerability_id": "VCID-krjr-ctw4-r3d3", "summary": "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94104", "scoring_system": "epss", "scoring_elements": "0.99913", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13927" }, { "reference_url": "https://github.com/advisories/GHSA-hhx9-p69v-cx2j", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hhx9-p69v-cx2j" }, { "reference_url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/17081?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "CVE-2020-13927", "GHSA-hhx9-p69v-cx2j", "PYSEC-2020-18" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krjr-ctw4-r3d3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8040?format=api", "vulnerability_id": "VCID-ms13-tzaa-hkej", "summary": "The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85494", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26697" }, { "reference_url": "https://github.com/advisories/GHSA-fh37-cx83-q542", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fh37-cx83-q542" }, { "reference_url": "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/02/17/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/02/17/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18716?format=api", "purl": "pkg:pypi/apache-airflow@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-kjw8-c6cn-3kee" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1" } ], "aliases": [ "CVE-2021-26697", "GHSA-fh37-cx83-q542", "PYSEC-2021-3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ms13-tzaa-hkej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8986?format=api", "vulnerability_id": "VCID-nfbc-tutd-37bw", "summary": "Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12945", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50783" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929" }, { "reference_url": "https://github.com/apache/airflow/pull/33932", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/apache/airflow/pull/33932" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml" }, { "reference_url": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/21/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/21/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50783", "reference_id": "CVE-2023-50783", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50783" }, { "reference_url": "https://github.com/advisories/GHSA-5938-79hg-xh3q", "reference_id": "GHSA-5938-79hg-xh3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5938-79hg-xh3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30906?format=api", "purl": "pkg:pypi/apache-airflow@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0" } ], "aliases": [ "CVE-2023-50783", "GHSA-5938-79hg-xh3q", "PYSEC-2023-267" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfbc-tutd-37bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8465?format=api", "vulnerability_id": "VCID-p42d-ta7v-7yhn", "summary": "In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51046", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38170" }, { "reference_url": "https://github.com/advisories/GHSA-q8h9-pqcx-59hw", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q8h9-pqcx-59hw" }, { "reference_url": "https://github.com/apache/airflow/commit/b6a2cd1aa34f69a36ea127e4f7f5ba87f4aca420", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/b6a2cd1aa34f69a36ea127e4f7f5ba87f4aca420" }, { "reference_url": "https://github.com/apache/airflow/commit/bf01d10cd348e679916034de1befb79ec6e46ff8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/bf01d10cd348e679916034de1befb79ec6e46ff8" }, { "reference_url": "https://github.com/apache/airflow/commit/c14ea8f0f34944d2ecfa9021d167602e8b2b8b90", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/c14ea8f0f34944d2ecfa9021d167602e8b2b8b90" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-261.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-261.yaml" }, { "reference_url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/02/12", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/02/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38170", "reference_id": "CVE-2022-38170", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38170" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27893?format=api", "purl": "pkg:pypi/apache-airflow@2.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k7ea-m9cw-w3fz" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-swav-nrrn-wbcs" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.4" } ], "aliases": [ "CVE-2022-38170", "GHSA-q8h9-pqcx-59hw", "PYSEC-2022-261" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p42d-ta7v-7yhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8846?format=api", "vulnerability_id": "VCID-pb3b-22wk-pbh5", "summary": "Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65433", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8" }, { "reference_url": "https://github.com/apache/airflow/pull/29706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/29706" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml" }, { "reference_url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508", "reference_id": "CVE-2023-39508", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508" }, { "reference_url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm", "reference_id": "GHSA-269x-pg5c-5xgm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30874?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-39508", "GHSA-269x-pg5c-5xgm", "PYSEC-2023-134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb3b-22wk-pbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8911?format=api", "vulnerability_id": "VCID-pmtw-nwnc-nyfw", "summary": "Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.69268", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42792" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/34366", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/apache/airflow/pull/34366" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml" }, { "reference_url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42792", "reference_id": "CVE-2023-42792", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42792" }, { "reference_url": "https://github.com/advisories/GHSA-j3w8-2p2h-mrr9", "reference_id": "GHSA-j3w8-2p2h-mrr9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j3w8-2p2h-mrr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30898?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "CVE-2023-42792", "GHSA-j3w8-2p2h-mrr9", "PYSEC-2023-203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtw-nwnc-nyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8576?format=api", "vulnerability_id": "VCID-pqgj-ry81-6ua3", "summary": "In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01013", "scoring_system": "epss", "scoring_elements": "0.77432", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43985" }, { "reference_url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97" }, { "reference_url": "https://github.com/apache/airflow/pull/27143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/27143" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42971.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42971.yaml" }, { "reference_url": "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43985", "reference_id": "CVE-2022-43985", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43985" }, { "reference_url": "https://github.com/advisories/GHSA-f9fq-78ch-4wmj", "reference_id": "GHSA-f9fq-78ch-4wmj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f9fq-78ch-4wmj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28242?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28445?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2" } ], "aliases": [ "CVE-2022-43985", "GHSA-f9fq-78ch-4wmj", "PYSEC-2022-42971" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pqgj-ry81-6ua3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8575?format=api", "vulnerability_id": "VCID-qxnw-7urw-fud2", "summary": "In Apache Airflow versions prior to 2.4.2, the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02904", "scoring_system": "epss", "scoring_elements": "0.86608", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43982" }, { "reference_url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97" }, { "reference_url": "https://github.com/apache/airflow/pull/27143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/27143" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42970.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42970.yaml" }, { "reference_url": "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43982", "reference_id": "CVE-2022-43982", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43982" }, { "reference_url": "https://github.com/advisories/GHSA-h63r-9xxf-f2c7", "reference_id": "GHSA-h63r-9xxf-f2c7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h63r-9xxf-f2c7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28242?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/28445?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2" } ], "aliases": [ "CVE-2022-43982", "GHSA-h63r-9xxf-f2c7", "PYSEC-2022-42970" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxnw-7urw-fud2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8987?format=api", "vulnerability_id": "VCID-rysu-xhvt-yqda", "summary": "Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2562", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48291" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c" }, { "reference_url": "https://github.com/apache/airflow/pull/34366", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://github.com/apache/airflow/pull/34366" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml" }, { "reference_url": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48291", "reference_id": "CVE-2023-48291", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48291" }, { "reference_url": "https://github.com/advisories/GHSA-8f57-wcmg-4jmh", "reference_id": "GHSA-8f57-wcmg-4jmh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8f57-wcmg-4jmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30906?format=api", "purl": "pkg:pypi/apache-airflow@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0" } ], "aliases": [ "CVE-2023-48291", "GHSA-8f57-wcmg-4jmh", "PYSEC-2023-265" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rysu-xhvt-yqda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8880?format=api", "vulnerability_id": "VCID-s49h-br5r-5yh8", "summary": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33236", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40712" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e" }, { "reference_url": "https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148" }, { "reference_url": "https://github.com/apache/airflow/pull/33512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33512" }, { "reference_url": "https://github.com/apache/airflow/pull/33516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33516" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml" }, { "reference_url": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40712", "reference_id": "CVE-2023-40712", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40712" }, { "reference_url": "https://github.com/advisories/GHSA-mjqh-v5f2-g2mw", "reference_id": "GHSA-mjqh-v5f2-g2mw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mjqh-v5f2-g2mw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30896?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1" } ], "aliases": [ "CVE-2023-40712", "GHSA-mjqh-v5f2-g2mw", "PYSEC-2023-171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s49h-br5r-5yh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8041?format=api", "vulnerability_id": "VCID-ssbp-gvfd-2kef", "summary": "Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68483", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26559" }, { "reference_url": "https://github.com/advisories/GHSA-ffw3-6mp6-jmvj", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ffw3-6mp6-jmvj" }, { "reference_url": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/02/17/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/02/17/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18716?format=api", "purl": "pkg:pypi/apache-airflow@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-kjw8-c6cn-3kee" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1" } ], "aliases": [ "CVE-2021-26559", "GHSA-ffw3-6mp6-jmvj", "PYSEC-2021-2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ssbp-gvfd-2kef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7923?format=api", "vulnerability_id": "VCID-syqv-6kj7-j3e5", "summary": "An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11978", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94272", "scoring_system": "epss", "scoring_elements": "0.9994", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11978" }, { "reference_url": "https://github.com/advisories/GHSA-rvmq-4x66-q7j3", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rvmq-4x66-q7j3" }, { "reference_url": "https://github.com/apache/airflow/commit/2fa51576e1283f5732e38fada686fd248d9c3a1e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2fa51576e1283f5732e38fada686fd248d9c3a1e" }, { "reference_url": "https://github.com/apache/airflow/commit/4d8599e8b0520ff4226fbad72f724afae50fdd08", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/4d8599e8b0520ff4226fbad72f724afae50fdd08" }, { "reference_url": "https://github.com/apache/airflow/pull/9143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/9143" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-14.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-14.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11978", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11978" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11978", "reference_id": "CVE-2020-11978", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11978" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16555?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-krjr-ctw4-r3d3" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" } ], "aliases": [ "CVE-2020-11978", "GHSA-rvmq-4x66-q7j3", "PYSEC-2020-14" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syqv-6kj7-j3e5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8018?format=api", "vulnerability_id": "VCID-tcjg-f9cn-mubj", "summary": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10185", "scoring_system": "epss", "scoring_elements": "0.93251", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17515" }, { "reference_url": "https://github.com/advisories/GHSA-86vp-x3pr-79rx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-86vp-x3pr-79rx" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/11/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/12/11/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/05/01/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/05/01/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18075?format=api", "purl": "pkg:pypi/apache-airflow@1.10.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13" } ], "aliases": [ "CVE-2020-17515", "GHSA-86vp-x3pr-79rx", "PYSEC-2020-21" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcjg-f9cn-mubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9629?format=api", "vulnerability_id": "VCID-tpjn-4kru-vucv", "summary": "In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26413", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30912" }, { "reference_url": "https://github.com/apache/airflow/pull/63028", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/63028" }, { "reference_url": "https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/17/5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48415?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "aliases": [ "CVE-2026-30912", "PYSEC-2026-18" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpjn-4kru-vucv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8863?format=api", "vulnerability_id": "VCID-vj7z-pmk3-cydg", "summary": "Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40518", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37379" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603" }, { "reference_url": "https://github.com/apache/airflow/pull/32052", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://github.com/apache/airflow/pull/32052" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml" }, { "reference_url": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/08/23/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2023/08/23/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37379", "reference_id": "CVE-2023-37379", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37379" }, { "reference_url": "https://github.com/advisories/GHSA-x2mh-8fmc-rqgh", "reference_id": "GHSA-x2mh-8fmc-rqgh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x2mh-8fmc-rqgh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30890?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30893?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-g9j4-fhpm-uuba" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0" } ], "aliases": [ "CVE-2023-37379", "GHSA-x2mh-8fmc-rqgh", "PYSEC-2023-152" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7z-pmk3-cydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9521?format=api", "vulnerability_id": "VCID-vras-f42j-xqfg", "summary": "In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\n\nUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10793", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68675" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/59688", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/59688" }, { "reference_url": "https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/01/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2026/01/15/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68675", "reference_id": "CVE-2025-68675", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68675" }, { "reference_url": "https://github.com/advisories/GHSA-7c2f-r6gc-h92h", "reference_id": "GHSA-7c2f-r6gc-h92h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7c2f-r6gc-h92h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30949?format=api", "purl": "pkg:pypi/apache-airflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45988?format=api", "purl": "pkg:pypi/apache-airflow@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9x6r-5m59-yyap" }, { "vulnerability": "VCID-bv7f-s53t-uqe4" }, { "vulnerability": "VCID-g8pv-cam5-d7dj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kmz1-dm9f-d7hj" }, { "vulnerability": "VCID-m3ff-jty5-3uhw" }, { "vulnerability": "VCID-nrc9-bdc2-dfes" }, { "vulnerability": "VCID-pvh4-3wng-ekdq" }, { "vulnerability": "VCID-tj2m-5j3f-5ueq" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vwv4-7y7y-9fcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6" } ], "aliases": [ "CVE-2025-68675", "GHSA-7c2f-r6gc-h92h", "PYSEC-2026-10" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vras-f42j-xqfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8822?format=api", "vulnerability_id": "VCID-vy44-rbar-w3fn", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4368", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35908" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db" }, { "reference_url": "https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352" }, { "reference_url": "https://github.com/apache/airflow/pull/32014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32014" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml" }, { "reference_url": "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35908", "reference_id": "CVE-2023-35908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35908" }, { "reference_url": "https://github.com/advisories/GHSA-2h84-3crq-vgfj", "reference_id": "GHSA-2h84-3crq-vgfj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2h84-3crq-vgfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-35908", "GHSA-2h84-3crq-vgfj", "PYSEC-2023-119" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy44-rbar-w3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9197?format=api", "vulnerability_id": "VCID-w8ff-8479-rbfq", "summary": "Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03097", "scoring_system": "epss", "scoring_elements": "0.87026", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45034" }, { "reference_url": "https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d" }, { "reference_url": "https://github.com/apache/airflow/pull/41672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/41672" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml" }, { "reference_url": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/09/06/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/09/06/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45034", "reference_id": "CVE-2024-45034", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45034" }, { "reference_url": "https://github.com/advisories/GHSA-92xg-gmrq-5c3w", "reference_id": "GHSA-92xg-gmrq-5c3w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92xg-gmrq-5c3w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30935?format=api", "purl": "pkg:pypi/apache-airflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.1" } ], "aliases": [ "CVE-2024-45034", "GHSA-92xg-gmrq-5c3w", "PYSEC-2024-212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-8479-rbfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9171?format=api", "vulnerability_id": "VCID-xwza-guvs-83a9", "summary": "Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6303", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39863" }, { "reference_url": "https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58" }, { "reference_url": "https://github.com/apache/airflow/pull/40475", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://github.com/apache/airflow/pull/40475" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml" }, { "reference_url": "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/16/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/16/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39863", "reference_id": "CVE-2024-39863", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39863" }, { "reference_url": "https://github.com/advisories/GHSA-j482-47xf-p25c", "reference_id": "GHSA-j482-47xf-p25c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j482-47xf-p25c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30929?format=api", "purl": "pkg:pypi/apache-airflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3" } ], "aliases": [ "CVE-2024-39863", "GHSA-j482-47xf-p25c", "PYSEC-2024-189" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwza-guvs-83a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8019?format=api", "vulnerability_id": "VCID-ygjc-77t9-yfge", "summary": "In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65749", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17511" }, { "reference_url": "https://github.com/advisories/GHSA-cvcq-gmc3-q6m8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cvcq-gmc3-q6m8" }, { "reference_url": "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18075?format=api", "purl": "pkg:pypi/apache-airflow@1.10.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13" } ], "aliases": [ "CVE-2020-17511", "GHSA-cvcq-gmc3-q6m8", "PYSEC-2020-262" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ygjc-77t9-yfge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7926?format=api", "vulnerability_id": "VCID-ykge-bnhg-g7c4", "summary": "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05664", "scoring_system": "epss", "scoring_elements": "0.90516", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11982" }, { "reference_url": "https://github.com/advisories/GHSA-9g2w-5f3v-mfmm", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9g2w-5f3v-mfmm" }, { "reference_url": "https://github.com/apache/airflow/pull/13612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/13612" }, { "reference_url": "https://github.com/apache/airflow/pull/7205", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/7205" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-16.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-16.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11982", "reference_id": "CVE-2020-11982", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11982" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16555?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-krjr-ctw4-r3d3" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/17081?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "CVE-2020-11982", "GHSA-9g2w-5f3v-mfmm", "PYSEC-2020-16" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykge-bnhg-g7c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9080?format=api", "vulnerability_id": "VCID-yrx8-dtav-83av", "summary": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16263", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27906" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b" }, { "reference_url": "https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9" }, { "reference_url": "https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7" }, { "reference_url": "https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a" }, { "reference_url": "https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326" }, { "reference_url": "https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446" }, { "reference_url": "https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24" }, { "reference_url": "https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2" }, { "reference_url": "https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4" }, { "reference_url": "https://github.com/apache/airflow/pull/37290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/37290" }, { "reference_url": "https://github.com/apache/airflow/pull/37468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/37468" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml" }, { "reference_url": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/29/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/02/29/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27906", "reference_id": "CVE-2024-27906", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27906" }, { "reference_url": "https://github.com/advisories/GHSA-6v6w-h8m6-7mv2", "reference_id": "GHSA-6v6w-h8m6-7mv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6v6w-h8m6-7mv2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30912?format=api", "purl": "pkg:pypi/apache-airflow@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-974g-7wsa-dqd7" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2" } ], "aliases": [ "CVE-2024-27906", "GHSA-6v6w-h8m6-7mv2", "PYSEC-2024-245" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrx8-dtav-83av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7925?format=api", "vulnerability_id": "VCID-yz8w-uv1z-5ybw", "summary": "An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11981", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91588", "scoring_system": "epss", "scoring_elements": "0.99688", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11981" }, { "reference_url": "https://github.com/advisories/GHSA-976r-qfjj-c24w", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-976r-qfjj-c24w" }, { "reference_url": "https://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2" }, { "reference_url": "https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11981", "reference_id": "CVE-2020-11981", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11981" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16555?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-2xpf-ut63-tbcx" }, { "vulnerability": "VCID-37nw-x186-puds" }, { "vulnerability": "VCID-4693-xwwu-7uem" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-5j9w-1tng-k3ac" }, { "vulnerability": "VCID-5ph5-s3qc-guf4" }, { "vulnerability": "VCID-5ufe-1rrj-rkgp" }, { "vulnerability": "VCID-6hxm-nnhg-buex" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-9f34-2r5y-sydz" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-bn9u-brjp-yudy" }, { "vulnerability": "VCID-ctd9-hxfn-8fcs" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-e19b-adrm-x7fu" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-fnsx-gtgn-27dr" }, { "vulnerability": "VCID-gbgf-jfzt-tqg1" }, { "vulnerability": "VCID-gg94-fdbv-y7g1" }, { "vulnerability": "VCID-gt7b-5554-y7dq" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-jrwf-mt69-1ydt" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-krjr-ctw4-r3d3" }, { "vulnerability": "VCID-ms13-tzaa-hkej" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-p42d-ta7v-7yhn" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-pqgj-ry81-6ua3" }, { "vulnerability": "VCID-qxnw-7urw-fud2" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-ssbp-gvfd-2kef" }, { "vulnerability": "VCID-tcjg-f9cn-mubj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-ygjc-77t9-yfge" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" } ], "aliases": [ "CVE-2020-11981", "GHSA-976r-qfjj-c24w", "PYSEC-2020-15" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yz8w-uv1z-5ybw" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.10rc2" }