Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/30874?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/30874?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0b1", "type": "pypi", "namespace": "", "name": "apache-airflow", "version": "2.6.0b1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.0", "latest_non_vulnerable_version": "3.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8944?format=api", "vulnerability_id": "VCID-1963-1kyn-2ban", "summary": "We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24378", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47037" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad" }, { "reference_url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef" }, { "reference_url": "https://github.com/apache/airflow/pull/33413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33413" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml" }, { "reference_url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037", "reference_id": "CVE-2023-47037", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037" }, { "reference_url": "https://github.com/advisories/GHSA-hm9r-7f84-25c9", "reference_id": "GHSA-hm9r-7f84-25c9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hm9r-7f84-25c9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30900?format=api", "purl": "pkg:pypi/apache-airflow@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3" } ], "aliases": [ "CVE-2023-47037", "GHSA-hm9r-7f84-25c9", "PYSEC-2023-232" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1963-1kyn-2ban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8725?format=api", "vulnerability_id": "VCID-1azm-hsvr-f3e8", "summary": "Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03621", "scoring_system": "epss", "scoring_elements": "0.87999", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25693" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/29500", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/29500" }, { "reference_url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25693", "reference_id": "CVE-2023-25693", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25693" }, { "reference_url": "https://github.com/advisories/GHSA-j69x-v4wc-3fpf", "reference_id": "GHSA-j69x-v4wc-3fpf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j69x-v4wc-3fpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30991?format=api", "purl": "pkg:pypi/apache-airflow@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4fjp-pn9s-tyhz" }, { "vulnerability": "VCID-9x6r-5m59-yyap" }, { "vulnerability": "VCID-bv7f-s53t-uqe4" }, { "vulnerability": "VCID-g8pv-cam5-d7dj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kmz1-dm9f-d7hj" }, { "vulnerability": "VCID-m3ff-jty5-3uhw" }, { "vulnerability": "VCID-nrc9-bdc2-dfes" }, { "vulnerability": "VCID-nrgz-jdnp-kyet" }, { "vulnerability": "VCID-pvh4-3wng-ekdq" }, { "vulnerability": "VCID-tj2m-5j3f-5ueq" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vwv4-7y7y-9fcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1" } ], "aliases": [ "CVE-2023-25693", "GHSA-j69x-v4wc-3fpf", "PYSEC-2023-314" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1azm-hsvr-f3e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8821?format=api", "vulnerability_id": "VCID-1ptn-xvsy-d3hu", "summary": "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74434", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36543" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315" }, { "reference_url": "https://github.com/apache/airflow/pull/32060", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32060" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml" }, { "reference_url": "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36543", "reference_id": "CVE-2023-36543", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36543" }, { "reference_url": "https://github.com/advisories/GHSA-3h4m-m55v-gx4m", "reference_id": "GHSA-3h4m-m55v-gx4m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3h4m-m55v-gx4m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-36543", "GHSA-3h4m-m55v-gx4m", "PYSEC-2023-106" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ptn-xvsy-d3hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8798?format=api", "vulnerability_id": "VCID-1tvn-y85f-jkb9", "summary": "In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.\n\nThis vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.\n\n\nThis issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00227", "scoring_system": "epss", "scoring_elements": "0.45564", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35005" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/5679a01919ac9d5153e858f8b1390cbc7915f148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/5679a01919ac9d5153e858f8b1390cbc7915f148" }, { "reference_url": "https://github.com/apache/airflow/commit/f6cda8fb63250fc4700658999739c1c3c5f6625c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f6cda8fb63250fc4700658999739c1c3c5f6625c" }, { "reference_url": "https://github.com/apache/airflow/pull/31788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/31788" }, { "reference_url": "https://github.com/apache/airflow/pull/31820", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/31820" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-89.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-89.yaml" }, { "reference_url": "https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35005", "reference_id": "CVE-2023-35005", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35005" }, { "reference_url": "https://github.com/advisories/GHSA-mjff-wv85-hmcj", "reference_id": "GHSA-mjff-wv85-hmcj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mjff-wv85-hmcj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30885?format=api", "purl": "pkg:pypi/apache-airflow@2.6.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30887?format=api", "purl": "pkg:pypi/apache-airflow@2.6.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.2" } ], "aliases": [ "CVE-2023-35005", "GHSA-mjff-wv85-hmcj", "PYSEC-2023-89" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1tvn-y85f-jkb9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8862?format=api", "vulnerability_id": "VCID-2q7x-bua5-37h7", "summary": "The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51144", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40273" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6" }, { "reference_url": "https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b" }, { "reference_url": "https://github.com/apache/airflow/pull/33347", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/33347" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml" }, { "reference_url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/08/23/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://www.openwall.com/lists/oss-security/2023/08/23/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40273", "reference_id": "CVE-2023-40273", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40273" }, { "reference_url": "https://github.com/advisories/GHSA-pm87-24wq-r8w9", "reference_id": "GHSA-pm87-24wq-r8w9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pm87-24wq-r8w9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30892?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/30894?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1" } ], "aliases": [ "CVE-2023-40273", "GHSA-pm87-24wq-r8w9", "PYSEC-2023-158" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2q7x-bua5-37h7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8771?format=api", "vulnerability_id": "VCID-4btd-59ga-1yd4", "summary": "Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00524", "scoring_system": "epss", "scoring_elements": "0.67272", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29247" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75" }, { "reference_url": "https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e" }, { "reference_url": "https://github.com/apache/airflow/pull/30447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/30447" }, { "reference_url": "https://github.com/apache/airflow/pull/30779", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/30779" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml" }, { "reference_url": "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29247", "reference_id": "CVE-2023-29247", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29247" }, { "reference_url": "https://github.com/advisories/GHSA-vcf6-3wv2-5vcr", "reference_id": "GHSA-vcf6-3wv2-5vcr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vcf6-3wv2-5vcr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-29247", "GHSA-vcf6-3wv2-5vcr", "PYSEC-2023-60" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4btd-59ga-1yd4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9035?format=api", "vulnerability_id": "VCID-4u8d-ezsr-sqcz", "summary": "Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44037", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50943" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462" }, { "reference_url": "https://github.com/apache/airflow/pull/36255", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/36255" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml" }, { "reference_url": "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/24/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50943", "reference_id": "CVE-2023-50943", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50943" }, { "reference_url": "https://github.com/advisories/GHSA-c3c6-f2ww-xfr2", "reference_id": "GHSA-c3c6-f2ww-xfr2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c3c6-f2ww-xfr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30907?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30908?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1" } ], "aliases": [ "CVE-2023-50943", "GHSA-c3c6-f2ww-xfr2", "PYSEC-2024-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4u8d-ezsr-sqcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8820?format=api", "vulnerability_id": "VCID-7z8j-8f4d-53dm", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37541", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46651" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8" }, { "reference_url": "https://github.com/apache/airflow/pull/32309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32309" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml" }, { "reference_url": "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46651", "reference_id": "CVE-2022-46651", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46651" }, { "reference_url": "https://github.com/advisories/GHSA-xvw9-3mhm-xjqq", "reference_id": "GHSA-xvw9-3mhm-xjqq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xvw9-3mhm-xjqq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2022-46651", "GHSA-xvw9-3mhm-xjqq", "PYSEC-2023-103" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7z8j-8f4d-53dm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9036?format=api", "vulnerability_id": "VCID-82p8-yujf-hkdd", "summary": "Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34758", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50944" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1" }, { "reference_url": "https://github.com/apache/airflow/pull/36257", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/36257" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml" }, { "reference_url": "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/24/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50944", "reference_id": "CVE-2023-50944", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50944" }, { "reference_url": "https://github.com/advisories/GHSA-vm5m-qmrx-fw8w", "reference_id": "GHSA-vm5m-qmrx-fw8w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm5m-qmrx-fw8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30907?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30908?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1" } ], "aliases": [ "CVE-2023-50944", "GHSA-vm5m-qmrx-fw8w", "PYSEC-2024-14" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-82p8-yujf-hkdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9192?format=api", "vulnerability_id": "VCID-8m3p-yzr8-yyhj", "summary": "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00852", "scoring_system": "epss", "scoring_elements": "0.75225", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41937" }, { "reference_url": "https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98" }, { "reference_url": "https://github.com/apache/airflow/pull/40933", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://github.com/apache/airflow/pull/40933" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml" }, { "reference_url": "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/08/21/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2024/08/21/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41937", "reference_id": "CVE-2024-41937", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41937" }, { "reference_url": "https://github.com/advisories/GHSA-w7cp-g8v7-r54m", "reference_id": "GHSA-w7cp-g8v7-r54m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7cp-g8v7-r54m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30933?format=api", "purl": "pkg:pypi/apache-airflow@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-s7es-yfst-8kce" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.0" } ], "aliases": [ "CVE-2024-41937", "GHSA-w7cp-g8v7-r54m", "PYSEC-2024-181" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8m3p-yzr8-yyhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8881?format=api", "vulnerability_id": "VCID-8npr-rvfd-jkfj", "summary": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00124", "scoring_system": "epss", "scoring_elements": "0.31182", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40611" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad" }, { "reference_url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef" }, { "reference_url": "https://github.com/apache/airflow/pull/33413", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33413" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml" }, { "reference_url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40611", "reference_id": "CVE-2023-40611", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40611" }, { "reference_url": "https://github.com/advisories/GHSA-wpg8-mf6h-gm92", "reference_id": "GHSA-wpg8-mf6h-gm92", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wpg8-mf6h-gm92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30896?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1" } ], "aliases": [ "CVE-2023-40611", "GHSA-wpg8-mf6h-gm92", "PYSEC-2023-170" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8npr-rvfd-jkfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8909?format=api", "vulnerability_id": "VCID-8ykk-1kak-6bfd", "summary": "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32066", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42780" }, { "reference_url": "https://github.com/apache/airflow/pull/34355", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/34355" }, { "reference_url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42780", "reference_id": "CVE-2023-42780", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42780" }, { "reference_url": "https://github.com/advisories/GHSA-cgx2-rrmr-jx43", "reference_id": "GHSA-cgx2-rrmr-jx43", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cgx2-rrmr-jx43" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30898?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "CVE-2023-42780", "GHSA-cgx2-rrmr-jx43", "PYSEC-2023-202" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ykk-1kak-6bfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9081?format=api", "vulnerability_id": "VCID-arbk-dryb-qkda", "summary": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45465", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26280" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa" }, { "reference_url": "https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99" }, { "reference_url": "https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e" }, { "reference_url": "https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d" }, { "reference_url": "https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f" }, { "reference_url": "https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c" }, { "reference_url": "https://github.com/apache/airflow/pull/37501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/37501" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml" }, { "reference_url": "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/01/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/03/01/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26280", "reference_id": "CVE-2024-26280", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26280" }, { "reference_url": "https://github.com/advisories/GHSA-6xwf-xvf3-v459", "reference_id": "GHSA-6xwf-xvf3-v459", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xwf-xvf3-v459" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30912?format=api", "purl": "pkg:pypi/apache-airflow@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-974g-7wsa-dqd7" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2" } ], "aliases": [ "CVE-2024-26280", "GHSA-6xwf-xvf3-v459", "PYSEC-2024-42" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-arbk-dryb-qkda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8823?format=api", "vulnerability_id": "VCID-d3kc-fn21-xqar", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.70855", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22887" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02" }, { "reference_url": "https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3" }, { "reference_url": "https://github.com/apache/airflow/pull/32293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32293" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml" }, { "reference_url": "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22887", "reference_id": "CVE-2023-22887", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22887" }, { "reference_url": "https://github.com/advisories/GHSA-ggwr-4vr8-g7wv", "reference_id": "GHSA-ggwr-4vr8-g7wv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-ggwr-4vr8-g7wv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-22887", "GHSA-ggwr-4vr8-g7wv", "PYSEC-2023-104" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d3kc-fn21-xqar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8824?format=api", "vulnerability_id": "VCID-dk1y-938p-k3bv", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35419", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22888" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02" }, { "reference_url": "https://github.com/apache/airflow/pull/32293", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32293" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml" }, { "reference_url": "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22888", "reference_id": "CVE-2023-22888", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22888" }, { "reference_url": "https://github.com/advisories/GHSA-5946-8p38-vffp", "reference_id": "GHSA-5946-8p38-vffp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5946-8p38-vffp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-22888", "GHSA-5946-8p38-vffp", "PYSEC-2023-105" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk1y-938p-k3bv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8943?format=api", "vulnerability_id": "VCID-fctg-457f-4uae", "summary": "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17222", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42781" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3" }, { "reference_url": "https://github.com/apache/airflow/pull/34939", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/34939" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml" }, { "reference_url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42781", "reference_id": "CVE-2023-42781", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42781" }, { "reference_url": "https://github.com/advisories/GHSA-r7x6-xfcm-3mxv", "reference_id": "GHSA-r7x6-xfcm-3mxv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r7x6-xfcm-3mxv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30900?format=api", "purl": "pkg:pypi/apache-airflow@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3" } ], "aliases": [ "CVE-2023-42781", "GHSA-r7x6-xfcm-3mxv", "PYSEC-2023-231" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fctg-457f-4uae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8908?format=api", "vulnerability_id": "VCID-hgq2-kuex-y3a3", "summary": "Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61013", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42663" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/34315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/34315" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml" }, { "reference_url": "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42663", "reference_id": "CVE-2023-42663", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42663" }, { "reference_url": "https://github.com/advisories/GHSA-32wr-qqw6-5mfp", "reference_id": "GHSA-32wr-qqw6-5mfp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-32wr-qqw6-5mfp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30898?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "CVE-2023-42663", "GHSA-32wr-qqw6-5mfp", "PYSEC-2023-197" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hgq2-kuex-y3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9153?format=api", "vulnerability_id": "VCID-hpf3-3z3m-6ydt", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27723", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25142" }, { "reference_url": "https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3" }, { "reference_url": "https://github.com/apache/airflow/pull/39550", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/39550" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml" }, { "reference_url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/13/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/13/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25142", "reference_id": "CVE-2024-25142", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25142" }, { "reference_url": "https://github.com/advisories/GHSA-9xpj-62mm-24h2", "reference_id": "GHSA-9xpj-62mm-24h2", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xpj-62mm-24h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30927?format=api", "purl": "pkg:pypi/apache-airflow@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2" } ], "aliases": [ "CVE-2024-25142", "GHSA-9xpj-62mm-24h2", "PYSEC-2024-195" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpf3-3z3m-6ydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9628?format=api", "vulnerability_id": "VCID-j6uh-kx6m-sydp", "summary": "Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16117", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25917" }, { "reference_url": "https://github.com/apache/airflow/pull/61641", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/61641" }, { "reference_url": "https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/17/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/17/9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48415?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "aliases": [ "CVE-2026-25917", "PYSEC-2026-13" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6uh-kx6m-sydp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9269?format=api", "vulnerability_id": "VCID-kb4a-mm13-63bj", "summary": "Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01059", "scoring_system": "epss", "scoring_elements": "0.77938", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45784" }, { "reference_url": "https://github.com/apache/airflow/pull/43040", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/43040" }, { "reference_url": "https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/11/15/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/11/15/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30940?format=api", "purl": "pkg:pypi/apache-airflow@2.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3" } ], "aliases": [ "CVE-2024-45784", "PYSEC-2024-182" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kb4a-mm13-63bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8772?format=api", "vulnerability_id": "VCID-kgfb-yphg-n3ec", "summary": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66216", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473" }, { "reference_url": "https://github.com/apache/airflow/pull/29506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/29506" }, { "reference_url": "https://github.com/apache/airflow/releases/tag/2.6.0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/releases/tag/2.6.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml" }, { "reference_url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/05/08/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2023/05/08/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754", "reference_id": "CVE-2023-25754", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754" }, { "reference_url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp", "reference_id": "GHSA-jchm-fm4q-c2fp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-25754", "GHSA-jchm-fm4q-c2fp", "PYSEC-2023-59" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgfb-yphg-n3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9172?format=api", "vulnerability_id": "VCID-mbgq-fq5n-kufh", "summary": "Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00128", "scoring_system": "epss", "scoring_elements": "0.31823", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39877" }, { "reference_url": "https://github.com/apache/airflow/commit/8159f6e24704f5e0e3b3217cf79ecf5083dce531", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/8159f6e24704f5e0e3b3217cf79ecf5083dce531" }, { "reference_url": "https://github.com/apache/airflow/pull/40522", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/40522" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-190.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-190.yaml" }, { "reference_url": "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/16/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/16/7" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39877", "reference_id": "CVE-2024-39877", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39877" }, { "reference_url": "https://github.com/advisories/GHSA-g5hv-r743-v8pm", "reference_id": "GHSA-g5hv-r743-v8pm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g5hv-r743-v8pm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30929?format=api", "purl": "pkg:pypi/apache-airflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3" } ], "aliases": [ "CVE-2024-39877", "GHSA-g5hv-r743-v8pm", "PYSEC-2024-190" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbgq-fq5n-kufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8986?format=api", "vulnerability_id": "VCID-nfbc-tutd-37bw", "summary": "Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12945", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50783" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929" }, { "reference_url": "https://github.com/apache/airflow/pull/33932", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/apache/airflow/pull/33932" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml" }, { "reference_url": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/21/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/21/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50783", "reference_id": "CVE-2023-50783", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50783" }, { "reference_url": "https://github.com/advisories/GHSA-5938-79hg-xh3q", "reference_id": "GHSA-5938-79hg-xh3q", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5938-79hg-xh3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30906?format=api", "purl": "pkg:pypi/apache-airflow@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0" } ], "aliases": [ "CVE-2023-50783", "GHSA-5938-79hg-xh3q", "PYSEC-2023-267" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nfbc-tutd-37bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8846?format=api", "vulnerability_id": "VCID-pb3b-22wk-pbh5", "summary": "Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65433", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8" }, { "reference_url": "https://github.com/apache/airflow/pull/29706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/29706" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml" }, { "reference_url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508", "reference_id": "CVE-2023-39508", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508" }, { "reference_url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm", "reference_id": "GHSA-269x-pg5c-5xgm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-39508", "GHSA-269x-pg5c-5xgm", "PYSEC-2023-134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb3b-22wk-pbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8911?format=api", "vulnerability_id": "VCID-pmtw-nwnc-nyfw", "summary": "Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.69268", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42792" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/34366", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://github.com/apache/airflow/pull/34366" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml" }, { "reference_url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42792", "reference_id": "CVE-2023-42792", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42792" }, { "reference_url": "https://github.com/advisories/GHSA-j3w8-2p2h-mrr9", "reference_id": "GHSA-j3w8-2p2h-mrr9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j3w8-2p2h-mrr9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30898?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "CVE-2023-42792", "GHSA-j3w8-2p2h-mrr9", "PYSEC-2023-203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtw-nwnc-nyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8987?format=api", "vulnerability_id": "VCID-rysu-xhvt-yqda", "summary": "Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2562", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48291" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c" }, { "reference_url": "https://github.com/apache/airflow/pull/34366", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://github.com/apache/airflow/pull/34366" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml" }, { "reference_url": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/21/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48291", "reference_id": "CVE-2023-48291", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48291" }, { "reference_url": "https://github.com/advisories/GHSA-8f57-wcmg-4jmh", "reference_id": "GHSA-8f57-wcmg-4jmh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8f57-wcmg-4jmh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30906?format=api", "purl": "pkg:pypi/apache-airflow@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0" } ], "aliases": [ "CVE-2023-48291", "GHSA-8f57-wcmg-4jmh", "PYSEC-2023-265" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rysu-xhvt-yqda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8880?format=api", "vulnerability_id": "VCID-s49h-br5r-5yh8", "summary": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33236", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40712" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e" }, { "reference_url": "https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148" }, { "reference_url": "https://github.com/apache/airflow/pull/33512", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33512" }, { "reference_url": "https://github.com/apache/airflow/pull/33516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/33516" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml" }, { "reference_url": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40712", "reference_id": "CVE-2023-40712", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40712" }, { "reference_url": "https://github.com/advisories/GHSA-mjqh-v5f2-g2mw", "reference_id": "GHSA-mjqh-v5f2-g2mw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mjqh-v5f2-g2mw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30896?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1" } ], "aliases": [ "CVE-2023-40712", "GHSA-mjqh-v5f2-g2mw", "PYSEC-2023-171" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s49h-br5r-5yh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9629?format=api", "vulnerability_id": "VCID-tpjn-4kru-vucv", "summary": "In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00095", "scoring_system": "epss", "scoring_elements": "0.26413", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30912" }, { "reference_url": "https://github.com/apache/airflow/pull/63028", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/63028" }, { "reference_url": "https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/17/5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48415?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "aliases": [ "CVE-2026-30912", "PYSEC-2026-18" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tpjn-4kru-vucv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8863?format=api", "vulnerability_id": "VCID-vj7z-pmk3-cydg", "summary": "Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40518", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37379" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603" }, { "reference_url": "https://github.com/apache/airflow/pull/32052", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://github.com/apache/airflow/pull/32052" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml" }, { "reference_url": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/08/23/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2023/08/23/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37379", "reference_id": "CVE-2023-37379", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37379" }, { "reference_url": "https://github.com/advisories/GHSA-x2mh-8fmc-rqgh", "reference_id": "GHSA-x2mh-8fmc-rqgh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-x2mh-8fmc-rqgh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30890?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30893?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-g9j4-fhpm-uuba" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0" } ], "aliases": [ "CVE-2023-37379", "GHSA-x2mh-8fmc-rqgh", "PYSEC-2023-152" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7z-pmk3-cydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9521?format=api", "vulnerability_id": "VCID-vras-f42j-xqfg", "summary": "In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\n\nUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00035", "scoring_system": "epss", "scoring_elements": "0.10793", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68675" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/59688", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/59688" }, { "reference_url": "https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/01/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2026/01/15/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68675", "reference_id": "CVE-2025-68675", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68675" }, { "reference_url": "https://github.com/advisories/GHSA-7c2f-r6gc-h92h", "reference_id": "GHSA-7c2f-r6gc-h92h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7c2f-r6gc-h92h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30949?format=api", "purl": "pkg:pypi/apache-airflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/45988?format=api", "purl": "pkg:pypi/apache-airflow@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9x6r-5m59-yyap" }, { "vulnerability": "VCID-bv7f-s53t-uqe4" }, { "vulnerability": "VCID-g8pv-cam5-d7dj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kmz1-dm9f-d7hj" }, { "vulnerability": "VCID-m3ff-jty5-3uhw" }, { "vulnerability": "VCID-nrc9-bdc2-dfes" }, { "vulnerability": "VCID-pvh4-3wng-ekdq" }, { "vulnerability": "VCID-tj2m-5j3f-5ueq" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vwv4-7y7y-9fcj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6" } ], "aliases": [ "CVE-2025-68675", "GHSA-7c2f-r6gc-h92h", "PYSEC-2026-10" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vras-f42j-xqfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8822?format=api", "vulnerability_id": "VCID-vy44-rbar-w3fn", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4368", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35908" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db" }, { "reference_url": "https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352" }, { "reference_url": "https://github.com/apache/airflow/pull/32014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/32014" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml" }, { "reference_url": "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35908", "reference_id": "CVE-2023-35908", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35908" }, { "reference_url": "https://github.com/advisories/GHSA-2h84-3crq-vgfj", "reference_id": "GHSA-2h84-3crq-vgfj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2h84-3crq-vgfj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30889?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "CVE-2023-35908", "GHSA-2h84-3crq-vgfj", "PYSEC-2023-119" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vy44-rbar-w3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9197?format=api", "vulnerability_id": "VCID-w8ff-8479-rbfq", "summary": "Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03097", "scoring_system": "epss", "scoring_elements": "0.87026", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45034" }, { "reference_url": "https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d" }, { "reference_url": "https://github.com/apache/airflow/pull/41672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/41672" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml" }, { "reference_url": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/09/06/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/09/06/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45034", "reference_id": "CVE-2024-45034", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45034" }, { "reference_url": "https://github.com/advisories/GHSA-92xg-gmrq-5c3w", "reference_id": "GHSA-92xg-gmrq-5c3w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92xg-gmrq-5c3w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30935?format=api", "purl": "pkg:pypi/apache-airflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.1" } ], "aliases": [ "CVE-2024-45034", "GHSA-92xg-gmrq-5c3w", "PYSEC-2024-212" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-8479-rbfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9171?format=api", "vulnerability_id": "VCID-xwza-guvs-83a9", "summary": "Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.6303", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39863" }, { "reference_url": "https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58" }, { "reference_url": "https://github.com/apache/airflow/pull/40475", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://github.com/apache/airflow/pull/40475" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml" }, { "reference_url": "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/16/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/16/6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39863", "reference_id": "CVE-2024-39863", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39863" }, { "reference_url": "https://github.com/advisories/GHSA-j482-47xf-p25c", "reference_id": "GHSA-j482-47xf-p25c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j482-47xf-p25c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30929?format=api", "purl": "pkg:pypi/apache-airflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3" } ], "aliases": [ "CVE-2024-39863", "GHSA-j482-47xf-p25c", "PYSEC-2024-189" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xwza-guvs-83a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9080?format=api", "vulnerability_id": "VCID-yrx8-dtav-83av", "summary": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16263", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27906" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b" }, { "reference_url": "https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9" }, { "reference_url": "https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7" }, { "reference_url": "https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a" }, { "reference_url": "https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326" }, { "reference_url": "https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446" }, { "reference_url": "https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24" }, { "reference_url": "https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2" }, { "reference_url": "https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4" }, { "reference_url": "https://github.com/apache/airflow/pull/37290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/37290" }, { "reference_url": "https://github.com/apache/airflow/pull/37468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/37468" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml" }, { "reference_url": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/29/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2024/02/29/1" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27906", "reference_id": "CVE-2024-27906", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27906" }, { "reference_url": "https://github.com/advisories/GHSA-6v6w-h8m6-7mv2", "reference_id": "GHSA-6v6w-h8m6-7mv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6v6w-h8m6-7mv2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30912?format=api", "purl": "pkg:pypi/apache-airflow@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-974g-7wsa-dqd7" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-k4r8-a72h-fkdf" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2" } ], "aliases": [ "CVE-2024-27906", "GHSA-6v6w-h8m6-7mv2", "PYSEC-2024-245" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrx8-dtav-83av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8927?format=api", "vulnerability_id": "VCID-z5b8-kcbh-m7hr", "summary": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.\n\nSensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).\n\nUsers are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00586", "scoring_system": "epss", "scoring_elements": "0.69398", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46288" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4a525e85e31b26d413c986c86d181114bb37bd06", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/4a525e85e31b26d413c986c86d181114bb37bd06" }, { "reference_url": "https://github.com/apache/airflow/pull/32261", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/32261" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-218.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-218.yaml" }, { "reference_url": "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46288", "reference_id": "CVE-2023-46288", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46288" }, { "reference_url": "https://github.com/advisories/GHSA-9qqg-mh7c-chfq", "reference_id": "GHSA-9qqg-mh7c-chfq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9qqg-mh7c-chfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30893?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-63fw-ggbk-9ycy" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-g9j4-fhpm-uuba" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/30898?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-unq1-wwfg-6ydk" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "CVE-2023-46288", "GHSA-9qqg-mh7c-chfq", "PYSEC-2023-218" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z5b8-kcbh-m7hr" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8772?format=api", "vulnerability_id": "VCID-kgfb-yphg-n3ec", "summary": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66216", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473" }, { "reference_url": "https://github.com/apache/airflow/pull/29506", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/29506" }, { "reference_url": "https://github.com/apache/airflow/releases/tag/2.6.0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/releases/tag/2.6.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml" }, { "reference_url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/05/08/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.openwall.com/lists/oss-security/2023/05/08/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754", "reference_id": "CVE-2023-25754", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754" }, { "reference_url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp", "reference_id": "GHSA-jchm-fm4q-c2fp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30874?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-25754", "GHSA-jchm-fm4q-c2fp", "PYSEC-2023-59" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgfb-yphg-n3ec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8846?format=api", "vulnerability_id": "VCID-pb3b-22wk-pbh5", "summary": "Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65433", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8" }, { "reference_url": "https://github.com/apache/airflow/pull/29706", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/29706" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml" }, { "reference_url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508", "reference_id": "CVE-2023-39508", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508" }, { "reference_url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm", "reference_id": "GHSA-269x-pg5c-5xgm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30874?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4btd-59ga-1yd4" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-kgfb-yphg-n3ec" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pb3b-22wk-pbh5" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30880?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1963-1kyn-2ban" }, { "vulnerability": "VCID-1azm-hsvr-f3e8" }, { "vulnerability": "VCID-1ptn-xvsy-d3hu" }, { "vulnerability": "VCID-1tvn-y85f-jkb9" }, { "vulnerability": "VCID-2q7x-bua5-37h7" }, { "vulnerability": "VCID-4u8d-ezsr-sqcz" }, { "vulnerability": "VCID-7z8j-8f4d-53dm" }, { "vulnerability": "VCID-82p8-yujf-hkdd" }, { "vulnerability": "VCID-8m3p-yzr8-yyhj" }, { "vulnerability": "VCID-8npr-rvfd-jkfj" }, { "vulnerability": "VCID-8ykk-1kak-6bfd" }, { "vulnerability": "VCID-arbk-dryb-qkda" }, { "vulnerability": "VCID-cxqa-pqca-pqgc" }, { "vulnerability": "VCID-d3kc-fn21-xqar" }, { "vulnerability": "VCID-dk1y-938p-k3bv" }, { "vulnerability": "VCID-fctg-457f-4uae" }, { "vulnerability": "VCID-hgq2-kuex-y3a3" }, { "vulnerability": "VCID-hpf3-3z3m-6ydt" }, { "vulnerability": "VCID-j6uh-kx6m-sydp" }, { "vulnerability": "VCID-kb4a-mm13-63bj" }, { "vulnerability": "VCID-mbgq-fq5n-kufh" }, { "vulnerability": "VCID-nfbc-tutd-37bw" }, { "vulnerability": "VCID-pmtw-nwnc-nyfw" }, { "vulnerability": "VCID-rysu-xhvt-yqda" }, { "vulnerability": "VCID-s49h-br5r-5yh8" }, { "vulnerability": "VCID-tpjn-4kru-vucv" }, { "vulnerability": "VCID-vj7z-pmk3-cydg" }, { "vulnerability": "VCID-vras-f42j-xqfg" }, { "vulnerability": "VCID-vy44-rbar-w3fn" }, { "vulnerability": "VCID-w8ff-8479-rbfq" }, { "vulnerability": "VCID-xwza-guvs-83a9" }, { "vulnerability": "VCID-yrx8-dtav-83av" }, { "vulnerability": "VCID-z5b8-kcbh-m7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "CVE-2023-39508", "GHSA-269x-pg5c-5xgm", "PYSEC-2023-134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pb3b-22wk-pbh5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1" }