Search for packages
| purl | pkg:pypi/apache-airflow@2.10.4rc1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-2xr2-w3hk-auck
Aliases: CVE-2026-25917 PYSEC-2026-13 |
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-91n6-evww-zybp
Aliases: CVE-2026-30912 PYSEC-2026-18 |
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-dh4r-77xc-cbas
Aliases: CVE-2023-25693 GHSA-j69x-v4wc-3fpf PYSEC-2023-314 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
Affected by 14 other vulnerabilities. |
|
VCID-t3ap-dzfp-1bd6
Aliases: CVE-2025-68675 GHSA-7c2f-r6gc-h92h PYSEC-2026-10 |
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue |
Affected by 4 other vulnerabilities. Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:24:52.174937+00:00 | Pypa Importer | Affected by | VCID-91n6-evww-zybp | https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2026-18.yaml | 38.6.0 |
| 2026-06-02T04:24:51.019751+00:00 | Pypa Importer | Affected by | VCID-2xr2-w3hk-auck | https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2026-13.yaml | 38.6.0 |
| 2026-06-02T04:23:46.412402+00:00 | Pypa Importer | Affected by | VCID-t3ap-dzfp-1bd6 | https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2026-10.yaml | 38.6.0 |
| 2026-06-02T04:18:24.313593+00:00 | Pypa Importer | Affected by | VCID-dh4r-77xc-cbas | https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2023-314.yaml | 38.6.0 |