Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/apache-airflow@2.10.5
Typepypi
Namespace
Nameapache-airflow
Version2.10.5
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.0
Latest_non_vulnerable_version3.2.0
Affected_by_vulnerabilities
0
url VCID-1azm-hsvr-f3e8
vulnerability_id VCID-1azm-hsvr-f3e8
summary 
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.

This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-25693
reference_id
reference_type
scores
0
value 0.03621
scoring_system epss
scoring_elements 0.87999
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-25693
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/pull/29500
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/apache/airflow/pull/29500
3
reference_url https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25693
reference_id CVE-2023-25693
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-25693
5
reference_url https://github.com/advisories/GHSA-j69x-v4wc-3fpf
reference_id GHSA-j69x-v4wc-3fpf
reference_type
scores
url https://github.com/advisories/GHSA-j69x-v4wc-3fpf
fixed_packages
0
url pkg:pypi/apache-airflow@3.1.1
purl pkg:pypi/apache-airflow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4fjp-pn9s-tyhz
1
vulnerability VCID-9x6r-5m59-yyap
2
vulnerability VCID-bv7f-s53t-uqe4
3
vulnerability VCID-g8pv-cam5-d7dj
4
vulnerability VCID-j6uh-kx6m-sydp
5
vulnerability VCID-kmz1-dm9f-d7hj
6
vulnerability VCID-m3ff-jty5-3uhw
7
vulnerability VCID-nrc9-bdc2-dfes
8
vulnerability VCID-nrgz-jdnp-kyet
9
vulnerability VCID-pvh4-3wng-ekdq
10
vulnerability VCID-tj2m-5j3f-5ueq
11
vulnerability VCID-tpjn-4kru-vucv
12
vulnerability VCID-vras-f42j-xqfg
13
vulnerability VCID-vwv4-7y7y-9fcj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1
aliases CVE-2023-25693, GHSA-j69x-v4wc-3fpf, PYSEC-2023-314
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1azm-hsvr-f3e8
1
url VCID-j6uh-kx6m-sydp
vulnerability_id VCID-j6uh-kx6m-sydp
summary 
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.

Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-25917
reference_id
reference_type
scores
0
value 0.00051
scoring_system epss
scoring_elements 0.16117
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-25917
1
reference_url https://github.com/apache/airflow/pull/61641
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://github.com/apache/airflow/pull/61641
2
reference_url https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po
3
reference_url http://www.openwall.com/lists/oss-security/2026/04/17/9
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2026/04/17/9
fixed_packages
0
url pkg:pypi/apache-airflow@3.2.0
purl pkg:pypi/apache-airflow@3.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0
aliases BIT-airflow-2026-25917, CVE-2026-25917, GHSA-6ffj-2wg2-w45j, PYSEC-2026-13
risk_score 3.2
exploitability 0.5
weighted_severity 6.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6uh-kx6m-sydp
2
url VCID-tpjn-4kru-vucv
vulnerability_id VCID-tpjn-4kru-vucv
summary In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-30912
reference_id
reference_type
scores
0
value 0.00095
scoring_system epss
scoring_elements 0.26413
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-30912
1
reference_url https://github.com/apache/airflow/pull/63028
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/apache/airflow/pull/63028
2
reference_url https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9
3
reference_url http://www.openwall.com/lists/oss-security/2026/04/17/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url http://www.openwall.com/lists/oss-security/2026/04/17/5
fixed_packages
0
url pkg:pypi/apache-airflow@3.2.0
purl pkg:pypi/apache-airflow@3.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0
aliases BIT-airflow-2026-30912, CVE-2026-30912, GHSA-w7cf-2pmc-5m4c, PYSEC-2026-18
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tpjn-4kru-vucv
3
url VCID-vras-f42j-xqfg
vulnerability_id VCID-vras-f42j-xqfg
summary 
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.

Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-68675
reference_id
reference_type
scores
0
value 0.00035
scoring_system epss
scoring_elements 0.10793
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-68675
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/pull/59688
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/apache/airflow/pull/59688
3
reference_url https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5
4
reference_url http://www.openwall.com/lists/oss-security/2026/01/15/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url http://www.openwall.com/lists/oss-security/2026/01/15/6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68675
reference_id CVE-2025-68675
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68675
6
reference_url https://github.com/advisories/GHSA-7c2f-r6gc-h92h
reference_id GHSA-7c2f-r6gc-h92h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7c2f-r6gc-h92h
fixed_packages
0
url pkg:pypi/apache-airflow@2.11.1
purl pkg:pypi/apache-airflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1azm-hsvr-f3e8
1
vulnerability VCID-j6uh-kx6m-sydp
2
vulnerability VCID-tpjn-4kru-vucv
3
vulnerability VCID-vras-f42j-xqfg
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1
1
url pkg:pypi/apache-airflow@3.1.6
purl pkg:pypi/apache-airflow@3.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9x6r-5m59-yyap
1
vulnerability VCID-bv7f-s53t-uqe4
2
vulnerability VCID-g8pv-cam5-d7dj
3
vulnerability VCID-j6uh-kx6m-sydp
4
vulnerability VCID-kmz1-dm9f-d7hj
5
vulnerability VCID-m3ff-jty5-3uhw
6
vulnerability VCID-nrc9-bdc2-dfes
7
vulnerability VCID-pvh4-3wng-ekdq
8
vulnerability VCID-tj2m-5j3f-5ueq
9
vulnerability VCID-tpjn-4kru-vucv
10
vulnerability VCID-vwv4-7y7y-9fcj
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6
aliases BIT-airflow-2025-68675, CVE-2025-68675, GHSA-7c2f-r6gc-h92h, PYSEC-2026-10
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vras-f42j-xqfg
Fixing_vulnerabilities
Risk_score4.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.5