Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-snqz-3f8t-syhd

Summary

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization.

Users are recommended to upgrade to version 3.1.4, which fixes this issue.

Aliases

alias	CVE-2025-66388

alias	GHSA-fv47-pqh6-wxgq

alias	PYSEC-2025-86

Fixed_packages

url pkg:pypi/apache-airflow@3.1.4

purl pkg:pypi/apache-airflow@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.4

url pkg:pypi/apache-airflow@3.1.5

purl pkg:pypi/apache-airflow@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.5

Affected_packages

url pkg:pypi/apache-airflow@3.1.0

purl pkg:pypi/apache-airflow@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.0

url pkg:pypi/apache-airflow@3.1.1rc1

purl pkg:pypi/apache-airflow@3.1.1rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1rc1

url pkg:pypi/apache-airflow@3.1.1rc2

purl pkg:pypi/apache-airflow@3.1.1rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-dh4r-77xc-cbas

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1rc2

url pkg:pypi/apache-airflow@3.1.1

purl pkg:pypi/apache-airflow@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1

url pkg:pypi/apache-airflow@3.1.2rc1

purl pkg:pypi/apache-airflow@3.1.2rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.2rc1

url pkg:pypi/apache-airflow@3.1.2rc2

purl pkg:pypi/apache-airflow@3.1.2rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.2rc2

url pkg:pypi/apache-airflow@3.1.2

purl pkg:pypi/apache-airflow@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.2

url pkg:pypi/apache-airflow@3.1.3rc1

purl pkg:pypi/apache-airflow@3.1.3rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.3rc1

url pkg:pypi/apache-airflow@3.1.3

purl pkg:pypi/apache-airflow@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.3

url pkg:pypi/apache-airflow@3.1.4rc1

purl pkg:pypi/apache-airflow@3.1.4rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.4rc1

url pkg:pypi/apache-airflow@3.1.4rc2

purl pkg:pypi/apache-airflow@3.1.4rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2b14-1bp2-gua6

vulnerability	VCID-2xr2-w3hk-auck

vulnerability	VCID-5hxx-r2d2-9ybk

vulnerability	VCID-91n6-evww-zybp

vulnerability	VCID-9j1n-cypf-p7g5

vulnerability	VCID-etmw-7eq5-mqa2

vulnerability	VCID-ezmu-8g1y-e3hz

vulnerability	VCID-geg4-1kgh-akde

vulnerability	VCID-hkwf-65vr-dkfz

vulnerability	VCID-knrd-atwy-gubn

vulnerability	VCID-snqz-3f8t-syhd

vulnerability	VCID-t3ap-dzfp-1bd6

vulnerability	VCID-tbb9-myv7-a7h4

vulnerability	VCID-w56f-fmkf-dkfv

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.4rc2

References

reference_url	https://github.com/apache/airflow
reference_id
reference_type
scores
url	https://github.com/apache/airflow

reference_url	https://github.com/apache/airflow/pull/58767
reference_id
reference_type
scores
url	https://github.com/apache/airflow/pull/58767

reference_url

https://github.com/apache/airflow/pull/58772

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://github.com/apache/airflow/pull/58772

reference_url

https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://lists.apache.org/thread/mv9hzsx8grjf7gdlkxwppnpbtogtls2g

reference_url

http://www.openwall.com/lists/oss-security/2025/12/12/1

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

http://www.openwall.com/lists/oss-security/2025/12/12/1

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2025-66388
reference_id	CVE-2025-66388
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2025-66388

reference_url	https://github.com/advisories/GHSA-fv47-pqh6-wxgq
reference_id	GHSA-fv47-pqh6-wxgq
reference_type
scores
url	https://github.com/advisories/GHSA-fv47-pqh6-wxgq

Weaknesses

cwe_id	201
name	Insertion of Sensitive Information Into Sent Data
description	The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score 6.5 - 6.5

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snqz-3f8t-syhd

Vulnerability Instance