Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/37307?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37307?format=api", "vulnerability_id": "VCID-gqmt-77ka-nbd4", "summary": "Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS upgrade, and capture the SMTP credentials sent during the subsequent `login()` call. Users are advised to upgrade to the `apache-airflow-providers-smtp` version that contains the fix.", "aliases": [ { "alias": "CVE-2026-41016" }, { "alias": "PYSEC-2026-24" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49983?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@3.0.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@3.0.0" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49947?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49948?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.0.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.0.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49949?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.0.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49950?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.0.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.0.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49951?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.0.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/49952?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.0.3rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.0.3rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49953?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.0.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/49954?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.1.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.1.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49955?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49956?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.1.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.1.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49957?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49958?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.1.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.1.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49959?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.1.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/49960?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.2.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.2.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49961?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49962?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.2.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.2.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49963?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.2.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49964?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.3.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.3.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49965?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.3.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49966?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.3.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.3.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49967?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49968?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.3.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.3.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49969?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.3.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/49970?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.0rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49971?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49972?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49973?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49974?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49975?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.2" }, { "url": "http://public2.vulnerablecode.io/api/packages/49976?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.3rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.3rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49977?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/49978?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.4rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.4rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49979?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/49980?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.5rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.5rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/49981?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@2.4.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@2.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/49982?format=api", "purl": "pkg:pypi/apache-airflow-providers-smtp@3.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gqmt-77ka-nbd4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-smtp@3.0.0rc1" } ], "references": [ { "reference_url": "https://github.com/apache/airflow/pull/65346", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://github.com/apache/airflow/pull/65346" }, { "reference_url": "https://lists.apache.org/thread/gb202qy5r31bgdd3d51d7s5o1jh40kc4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://lists.apache.org/thread/gb202qy5r31bgdd3d51d7s5o1jh40kc4" } ], "weaknesses": [], "exploits": [], "severity_range_score": "5.9 - 5.9", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gqmt-77ka-nbd4" }