Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37288?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37288?format=api", "vulnerability_id": "VCID-xd5g-jkrd-67cr", "summary": "Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which resolves this issue.", "aliases": [ { "alias": "CVE-2026-33858" }, { "alias": "PYSEC-2026-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49522?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/48814?format=api", "purl": "pkg:pypi/apache-airflow@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xr2-w3hk-auck" }, { "vulnerability": "VCID-91n6-evww-zybp" }, { "vulnerability": "VCID-etmw-7eq5-mqa2" }, { "vulnerability": "VCID-geg4-1kgh-akde" }, { "vulnerability": "VCID-w56f-fmkf-dkfv" }, { "vulnerability": "VCID-xd5g-jkrd-67cr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/49518?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xr2-w3hk-auck" }, { "vulnerability": "VCID-91n6-evww-zybp" }, { "vulnerability": "VCID-etmw-7eq5-mqa2" }, { "vulnerability": "VCID-geg4-1kgh-akde" }, { "vulnerability": "VCID-w56f-fmkf-dkfv" }, { "vulnerability": "VCID-xd5g-jkrd-67cr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49519?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0b2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xr2-w3hk-auck" }, { "vulnerability": "VCID-91n6-evww-zybp" }, { "vulnerability": "VCID-etmw-7eq5-mqa2" }, { "vulnerability": "VCID-geg4-1kgh-akde" }, { "vulnerability": "VCID-w56f-fmkf-dkfv" }, { "vulnerability": "VCID-xd5g-jkrd-67cr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0b2" }, { "url": "http://public2.vulnerablecode.io/api/packages/49520?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xr2-w3hk-auck" }, { "vulnerability": "VCID-91n6-evww-zybp" }, { "vulnerability": "VCID-etmw-7eq5-mqa2" }, { "vulnerability": "VCID-geg4-1kgh-akde" }, { "vulnerability": "VCID-w56f-fmkf-dkfv" }, { "vulnerability": "VCID-xd5g-jkrd-67cr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49521?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2xr2-w3hk-auck" }, { "vulnerability": "VCID-91n6-evww-zybp" }, { "vulnerability": "VCID-etmw-7eq5-mqa2" }, { "vulnerability": "VCID-geg4-1kgh-akde" }, { "vulnerability": "VCID-w56f-fmkf-dkfv" }, { "vulnerability": "VCID-xd5g-jkrd-67cr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0rc2" } ], "references": [ { "reference_url": "https://github.com/apache/airflow/pull/64148", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://github.com/apache/airflow/pull/64148" }, { "reference_url": "https://lists.apache.org/thread/1npt3o2x81s0gw9tmfcv4n7p1z9hdmy0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://lists.apache.org/thread/1npt3o2x81s0gw9tmfcv4n7p1z9hdmy0" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/13/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/13/7" } ], "weaknesses": [], "exploits": [], "severity_range_score": "8.8 - 8.8", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xd5g-jkrd-67cr" }