{"url":"http://public2.vulnerablecode.io/api/packages/14461?format=json","purl":"pkg:pypi/apache-airflow@1.10.5","type":"pypi","namespace":"","name":"apache-airflow","version":"1.10.5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.0","latest_non_vulnerable_version":"3.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36041?format=json","vulnerability_id":"VCID-2fnz-jqpe-nuau","summary":"It was discovered that the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.","references":[{"reference_url":"https://github.com/advisories/GHSA-65xw-pcqw-hjrh","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-65xw-pcqw-hjrh"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml"},{"reference_url":"https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45229","reference_id":"CVE-2021-45229","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45229"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26750?format=json","purl":"pkg:pypi/apache-airflow@2.2.4rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4rc1"}],"aliases":["CVE-2021-45229","GHSA-65xw-pcqw-hjrh","PYSEC-2022-29"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2fnz-jqpe-nuau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37294?format=json","vulnerability_id":"VCID-2xr2-w3hk-auck","summary":"Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","references":[{"reference_url":"https://github.com/apache/airflow/pull/61641","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/apache/airflow/pull/61641"},{"reference_url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/17/9","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"http://www.openwall.com/lists/oss-security/2026/04/17/9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49522?format=json","purl":"pkg:pypi/apache-airflow@3.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0"}],"aliases":["CVE-2026-25917","PYSEC-2026-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2xr2-w3hk-auck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36291?format=json","vulnerability_id":"VCID-2ysx-9hz5-fyfm","summary":"In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.","references":[{"reference_url":"https://github.com/apache/airflow/pull/27143","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/27143"},{"reference_url":"https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29670?format=json","purl":"pkg:pypi/apache-airflow@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2"}],"aliases":["CVE-2022-43985","PYSEC-2022-42971"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2ysx-9hz5-fyfm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36650?format=json","vulnerability_id":"VCID-3h3z-bfsc-jqax","summary":"Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929"},{"reference_url":"https://github.com/apache/airflow/pull/33932","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://github.com/apache/airflow/pull/33932"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml"},{"reference_url":"https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/21/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/21/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50783","reference_id":"CVE-2023-50783","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50783"},{"reference_url":"https://github.com/advisories/GHSA-5938-79hg-xh3q","reference_id":"GHSA-5938-79hg-xh3q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5938-79hg-xh3q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32013?format=json","purl":"pkg:pypi/apache-airflow@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0"}],"aliases":["CVE-2023-50783","GHSA-5938-79hg-xh3q","PYSEC-2023-267"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3h3z-bfsc-jqax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36700?format=json","vulnerability_id":"VCID-4ga6-4111-dyc9","summary":"Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1"},{"reference_url":"https://github.com/apache/airflow/pull/36257","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/36257"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml"},{"reference_url":"https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50944","reference_id":"CVE-2023-50944","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50944"},{"reference_url":"https://github.com/advisories/GHSA-vm5m-qmrx-fw8w","reference_id":"GHSA-vm5m-qmrx-fw8w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vm5m-qmrx-fw8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32014?format=json","purl":"pkg:pypi/apache-airflow@2.8.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/32015?format=json","purl":"pkg:pypi/apache-airflow@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1"}],"aliases":["CVE-2023-50944","GHSA-vm5m-qmrx-fw8w","PYSEC-2024-14"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ga6-4111-dyc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36311?format=json","vulnerability_id":"VCID-4xax-xw67-2qfv","summary":"A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.","references":[{"reference_url":"https://github.com/apache/airflow/pull/22754","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/22754"},{"reference_url":"https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/14/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/11/14/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29109?format=json","purl":"pkg:pypi/apache-airflow@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4bps-htex-tqgk"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5nys-mzgw-4khd"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6pk8-baws-e3dt"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.1"}],"aliases":["CVE-2022-27949","PYSEC-2022-42981"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xax-xw67-2qfv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35588?format=json","vulnerability_id":"VCID-4xdb-1kww-sfdh","summary":"An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.","references":[{"reference_url":"https://github.com/advisories/GHSA-rvmq-4x66-q7j3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rvmq-4x66-q7j3"},{"reference_url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17780?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-quaj-w9r3-qya8"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"}],"aliases":["CVE-2020-11978","GHSA-rvmq-4x66-q7j3","PYSEC-2020-14"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4xdb-1kww-sfdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36861?format=json","vulnerability_id":"VCID-56eq-awhd-d3fr","summary":"Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow/pull/41672","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/41672"},{"reference_url":"https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/09/06/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2024/09/06/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32042?format=json","purl":"pkg:pypi/apache-airflow@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.1"}],"aliases":["CVE-2024-45034","PYSEC-2024-212"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56eq-awhd-d3fr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36572?format=json","vulnerability_id":"VCID-5cpd-kjpb-ekhv","summary":"Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/34315","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/34315"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml"},{"reference_url":"https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42663","reference_id":"CVE-2023-42663","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42663"},{"reference_url":"https://github.com/advisories/GHSA-32wr-qqw6-5mfp","reference_id":"GHSA-32wr-qqw6-5mfp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-32wr-qqw6-5mfp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32005?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["CVE-2023-42663","GHSA-32wr-qqw6-5mfp","PYSEC-2023-197"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cpd-kjpb-ekhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36290?format=json","vulnerability_id":"VCID-5yxa-ubfq-fqdx","summary":"In Apache Airflow versions prior to 2.4.2, the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.","references":[{"reference_url":"https://github.com/apache/airflow/pull/27143","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/27143"},{"reference_url":"https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29670?format=json","purl":"pkg:pypi/apache-airflow@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2"}],"aliases":["CVE-2022-43982","PYSEC-2022-42970"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5yxa-ubfq-fqdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36544?format=json","vulnerability_id":"VCID-5zmy-2ape-7qfa","summary":"Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e"},{"reference_url":"https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148"},{"reference_url":"https://github.com/apache/airflow/pull/33512","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/33512"},{"reference_url":"https://github.com/apache/airflow/pull/33516","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/33516"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml"},{"reference_url":"https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40712","reference_id":"CVE-2023-40712","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40712"},{"reference_url":"https://github.com/advisories/GHSA-mjqh-v5f2-g2mw","reference_id":"GHSA-mjqh-v5f2-g2mw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mjqh-v5f2-g2mw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32003?format=json","purl":"pkg:pypi/apache-airflow@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jx5-34px-ukbz"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1"}],"aliases":["CVE-2023-40712","GHSA-mjqh-v5f2-g2mw","PYSEC-2023-171"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5zmy-2ape-7qfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36517?format=json","vulnerability_id":"VCID-6gjt-zsju-47a3","summary":"Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.\n\nApache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.\nThis issue affects Apache Airflow Drill Provider: before 2.4.3.\nIt is recommended to upgrade to a version that is not affected.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110"},{"reference_url":"https://github.com/apache/airflow/pull/33074","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/33074"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml"},{"reference_url":"https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/08/11/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2023/08/11/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/08/11/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2023/08/11/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39553","reference_id":"CVE-2023-39553","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39553"},{"reference_url":"https://github.com/advisories/GHSA-mq4v-6vg4-796c","reference_id":"GHSA-mq4v-6vg4-796c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-mq4v-6vg4-796c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29765?format=json","purl":"pkg:pypi/apache-airflow@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3"}],"aliases":["CVE-2023-39553","GHSA-mq4v-6vg4-796c","PYSEC-2023-136"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6gjt-zsju-47a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35427?format=json","vulnerability_id":"VCID-6ksf-tekv-dud3","summary":"A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver process.","references":[{"reference_url":"https://github.com/advisories/GHSA-q3p4-gw7r-wqjc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q3p4-gw7r-wqjc"},{"reference_url":"https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc@%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14462?format=json","purl":"pkg:pypi/apache-airflow@1.10.6rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-4xdb-1kww-sfdh"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-bwd5-3jt5-pyb8"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-jq98-gxbc-pydt"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-p9we-cpy2-17h4"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-quaj-w9r3-qya8"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"},{"vulnerability":"VCID-z4w8-3mr1-63ed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.6rc1"}],"aliases":["CVE-2019-12417","GHSA-q3p4-gw7r-wqjc","PYSEC-2019-216"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ksf-tekv-dud3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36744?format=json","vulnerability_id":"VCID-6vg9-hu9u-q7c3","summary":"Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b"},{"reference_url":"https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9"},{"reference_url":"https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7"},{"reference_url":"https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a"},{"reference_url":"https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326"},{"reference_url":"https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446"},{"reference_url":"https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24"},{"reference_url":"https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2"},{"reference_url":"https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4"},{"reference_url":"https://github.com/apache/airflow/pull/37290","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/37290"},{"reference_url":"https://github.com/apache/airflow/pull/37468","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/37468"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml"},{"reference_url":"https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/29/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2024/02/29/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27906","reference_id":"CVE-2024-27906","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27906"},{"reference_url":"https://github.com/advisories/GHSA-6v6w-h8m6-7mv2","reference_id":"GHSA-6v6w-h8m6-7mv2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6v6w-h8m6-7mv2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32019?format=json","purl":"pkg:pypi/apache-airflow@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-egd2-gh55-qfgj"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2"}],"aliases":["CVE-2024-27906","GHSA-6v6w-h8m6-7mv2","PYSEC-2024-245"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vg9-hu9u-q7c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36486?format=json","vulnerability_id":"VCID-71hr-1ews-9qa6","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db"},{"reference_url":"https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352"},{"reference_url":"https://github.com/apache/airflow/pull/32014","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/32014"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml"},{"reference_url":"https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35908","reference_id":"CVE-2023-35908","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35908"},{"reference_url":"https://github.com/advisories/GHSA-2h84-3crq-vgfj","reference_id":"GHSA-2h84-3crq-vgfj","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2h84-3crq-vgfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31996?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["CVE-2023-35908","GHSA-2h84-3crq-vgfj","PYSEC-2023-119"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-71hr-1ews-9qa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35692?format=json","vulnerability_id":"VCID-82kk-s7d6-f7he","summary":"In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.","references":[{"reference_url":"https://github.com/advisories/GHSA-cvcq-gmc3-q6m8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cvcq-gmc3-q6m8"},{"reference_url":"https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19300?format=json","purl":"pkg:pypi/apache-airflow@1.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13"}],"aliases":["CVE-2020-17511","GHSA-cvcq-gmc3-q6m8","PYSEC-2020-262"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82kk-s7d6-f7he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36745?format=json","vulnerability_id":"VCID-835a-arqz-g7h7","summary":"Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa"},{"reference_url":"https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99"},{"reference_url":"https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e"},{"reference_url":"https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d"},{"reference_url":"https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f"},{"reference_url":"https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c"},{"reference_url":"https://github.com/apache/airflow/pull/37501","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/37501"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml"},{"reference_url":"https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26280","reference_id":"CVE-2024-26280","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26280"},{"reference_url":"https://github.com/advisories/GHSA-6xwf-xvf3-v459","reference_id":"GHSA-6xwf-xvf3-v459","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6xwf-xvf3-v459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32019?format=json","purl":"pkg:pypi/apache-airflow@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-egd2-gh55-qfgj"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2"}],"aliases":["CVE-2024-26280","GHSA-6xwf-xvf3-v459","PYSEC-2024-42"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-835a-arqz-g7h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37295?format=json","vulnerability_id":"VCID-91n6-evww-zybp","summary":"In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","references":[{"reference_url":"https://github.com/apache/airflow/pull/63028","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/apache/airflow/pull/63028"},{"reference_url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/17/5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2026/04/17/5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/49522?format=json","purl":"pkg:pypi/apache-airflow@3.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0"}],"aliases":["CVE-2026-30912","PYSEC-2026-18"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-91n6-evww-zybp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36607?format=json","vulnerability_id":"VCID-98yf-mvnw-d3b4","summary":"Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3"},{"reference_url":"https://github.com/apache/airflow/pull/34939","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/34939"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml"},{"reference_url":"https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42781","reference_id":"CVE-2023-42781","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42781"},{"reference_url":"https://github.com/advisories/GHSA-r7x6-xfcm-3mxv","reference_id":"GHSA-r7x6-xfcm-3mxv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r7x6-xfcm-3mxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32007?format=json","purl":"pkg:pypi/apache-airflow@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3"}],"aliases":["CVE-2023-42781","GHSA-r7x6-xfcm-3mxv","PYSEC-2023-231"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98yf-mvnw-d3b4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35693?format=json","vulnerability_id":"VCID-9jm4-t1je-vqhm","summary":"In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.","references":[{"reference_url":"https://github.com/advisories/GHSA-6r3p-fcvm-xh7c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-6r3p-fcvm-xh7c"},{"reference_url":"https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19300?format=json","purl":"pkg:pypi/apache-airflow@1.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13"}],"aliases":["CVE-2020-17513","GHSA-6r3p-fcvm-xh7c","PYSEC-2020-20"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9jm4-t1je-vqhm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35725?format=json","vulnerability_id":"VCID-9tq4-v733-hug3","summary":"Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.","references":[{"reference_url":"https://github.com/advisories/GHSA-ffw3-6mp6-jmvj","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ffw3-6mp6-jmvj"},{"reference_url":"https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/02/17/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/02/17/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19941?format=json","purl":"pkg:pypi/apache-airflow@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-rkeh-vuxg-ubgn"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1"}],"aliases":["CVE-2021-26559","GHSA-ffw3-6mp6-jmvj","PYSEC-2021-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9tq4-v733-hug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36699?format=json","vulnerability_id":"VCID-amac-hqnj-xfgz","summary":"Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462"},{"reference_url":"https://github.com/apache/airflow/pull/36255","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/36255"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml"},{"reference_url":"https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50943","reference_id":"CVE-2023-50943","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50943"},{"reference_url":"https://github.com/advisories/GHSA-c3c6-f2ww-xfr2","reference_id":"GHSA-c3c6-f2ww-xfr2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c3c6-f2ww-xfr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32014?format=json","purl":"pkg:pypi/apache-airflow@2.8.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/32015?format=json","purl":"pkg:pypi/apache-airflow@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1"}],"aliases":["CVE-2023-50943","GHSA-c3c6-f2ww-xfr2","PYSEC-2024-13"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-amac-hqnj-xfgz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36510?format=json","vulnerability_id":"VCID-b3w3-h9cm-ufgm","summary":"Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8"},{"reference_url":"https://github.com/apache/airflow/pull/29706","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/29706"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml"},{"reference_url":"https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39508","reference_id":"CVE-2023-39508","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39508"},{"reference_url":"https://github.com/advisories/GHSA-269x-pg5c-5xgm","reference_id":"GHSA-269x-pg5c-5xgm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-269x-pg5c-5xgm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31981?format=json","purl":"pkg:pypi/apache-airflow@2.6.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q4rb-1yt3-rqdk"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/31987?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q4rb-1yt3-rqdk"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["CVE-2023-39508","GHSA-269x-pg5c-5xgm","PYSEC-2023-134"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3w3-h9cm-ufgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35592?format=json","vulnerability_id":"VCID-bwd5-3jt5-pyb8","summary":"An issue was found in Apache Airflow versions 1.10.10 and below. It was discovered that many of the admin management screens in the new/RBAC UI handled escaping incorrectly, allowing authenticated users with appropriate permissions to create stored XSS attacks.","references":[{"reference_url":"https://github.com/advisories/GHSA-q4p3-qw5c-mhpc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q4p3-qw5c-mhpc"},{"reference_url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17780?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-quaj-w9r3-qya8"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"}],"aliases":["CVE-2020-11983","GHSA-q4p3-qw5c-mhpc","PYSEC-2020-17"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwd5-3jt5-pyb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36526?format=json","vulnerability_id":"VCID-cahz-4dy7-bbe9","summary":"The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6"},{"reference_url":"https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b"},{"reference_url":"https://github.com/apache/airflow/pull/33347","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://github.com/apache/airflow/pull/33347"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml"},{"reference_url":"https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/08/23/1","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://www.openwall.com/lists/oss-security/2023/08/23/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40273","reference_id":"CVE-2023-40273","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40273"},{"reference_url":"https://github.com/advisories/GHSA-pm87-24wq-r8w9","reference_id":"GHSA-pm87-24wq-r8w9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pm87-24wq-r8w9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31999?format=json","purl":"pkg:pypi/apache-airflow@2.7.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/32001?format=json","purl":"pkg:pypi/apache-airflow@2.7.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jx5-34px-ukbz"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1"}],"aliases":["CVE-2023-40273","GHSA-pm87-24wq-r8w9","PYSEC-2023-158"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cahz-4dy7-bbe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36389?format=json","vulnerability_id":"VCID-dh4r-77xc-cbas","summary":"Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/29500","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/apache/airflow/pull/29500"},{"reference_url":"https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25693","reference_id":"CVE-2023-25693","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25693"},{"reference_url":"https://github.com/advisories/GHSA-j69x-v4wc-3fpf","reference_id":"GHSA-j69x-v4wc-3fpf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j69x-v4wc-3fpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32098?format=json","purl":"pkg:pypi/apache-airflow@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2b14-1bp2-gua6"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-5hxx-r2d2-9ybk"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-9j1n-cypf-p7g5"},{"vulnerability":"VCID-etmw-7eq5-mqa2"},{"vulnerability":"VCID-ezmu-8g1y-e3hz"},{"vulnerability":"VCID-geg4-1kgh-akde"},{"vulnerability":"VCID-hkwf-65vr-dkfz"},{"vulnerability":"VCID-knrd-atwy-gubn"},{"vulnerability":"VCID-snqz-3f8t-syhd"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-tbb9-myv7-a7h4"},{"vulnerability":"VCID-w56f-fmkf-dkfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1"}],"aliases":["CVE-2023-25693","GHSA-j69x-v4wc-3fpf","PYSEC-2023-314"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh4r-77xc-cbas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35836?format=json","vulnerability_id":"VCID-due7-n14c-akfx","summary":"If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.","references":[{"reference_url":"https://github.com/advisories/GHSA-m6h2-jx9v-58w6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m6h2-jx9v-58w6"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351"},{"reference_url":"https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8"},{"reference_url":"https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63"},{"reference_url":"https://github.com/apache/airflow/compare/2.1.1...2.1.2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/compare/2.1.1...2.1.2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35936","reference_id":"CVE-2021-35936","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35936"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23311?format=json","purl":"pkg:pypi/apache-airflow@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-rkeh-vuxg-ubgn"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.2"}],"aliases":["CVE-2021-35936","GHSA-m6h2-jx9v-58w6","PYSEC-2021-122"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-due7-n14c-akfx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36484?format=json","vulnerability_id":"VCID-ez45-qkb4-xkba","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8"},{"reference_url":"https://github.com/apache/airflow/pull/32309","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/32309"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml"},{"reference_url":"https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46651","reference_id":"CVE-2022-46651","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46651"},{"reference_url":"https://github.com/advisories/GHSA-xvw9-3mhm-xjqq","reference_id":"GHSA-xvw9-3mhm-xjqq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-xvw9-3mhm-xjqq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31996?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["CVE-2022-46651","GHSA-xvw9-3mhm-xjqq","PYSEC-2023-103"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ez45-qkb4-xkba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36608?format=json","vulnerability_id":"VCID-fbjk-2uvy-mqfc","summary":"We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad"},{"reference_url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef"},{"reference_url":"https://github.com/apache/airflow/pull/33413","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/33413"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml"},{"reference_url":"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47037","reference_id":"CVE-2023-47037","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47037"},{"reference_url":"https://github.com/advisories/GHSA-hm9r-7f84-25c9","reference_id":"GHSA-hm9r-7f84-25c9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hm9r-7f84-25c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32007?format=json","purl":"pkg:pypi/apache-airflow@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3"}],"aliases":["CVE-2023-47037","GHSA-hm9r-7f84-25c9","PYSEC-2023-232"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fbjk-2uvy-mqfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37165?format=json","vulnerability_id":"VCID-frbp-mhhr-8bdt","summary":"Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\n\n\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf you used Edge Provider in Airflow 3, you are not affected.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/59143","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/apache/airflow/pull/59143"},{"reference_url":"https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/12/16/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"http://www.openwall.com/lists/oss-security/2025/12/16/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67895","reference_id":"CVE-2025-67895","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67895"},{"reference_url":"https://github.com/advisories/GHSA-66h8-3g48-6hx8","reference_id":"GHSA-66h8-3g48-6hx8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-66h8-3g48-6hx8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19938?format=json","purl":"pkg:pypi/apache-airflow@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-rkeh-vuxg-ubgn"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0"}],"aliases":["CVE-2025-67895","GHSA-66h8-3g48-6hx8","PYSEC-2025-87"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-frbp-mhhr-8bdt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35967?format=json","vulnerability_id":"VCID-gn6e-a1yp-g7dw","summary":"In Apache Airflow prior to 2.2.0. This CVE applies to a specific case where a User who has \"can_create\" permissions on DAG Runs can create Dag Runs for dags that they don't have \"edit\" permissions for.","references":[{"reference_url":"https://github.com/advisories/GHSA-4jh2-3c85-q67h","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4jh2-3c85-q67h"},{"reference_url":"https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45230","reference_id":"CVE-2021-45230","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45230"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19932?format=json","purl":"pkg:pypi/apache-airflow@2.0.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/26396?format=json","purl":"pkg:pypi/apache-airflow@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.0"}],"aliases":["CVE-2021-45230","GHSA-4jh2-3c85-q67h","PYSEC-2022-11"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gn6e-a1yp-g7dw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36180?format=json","vulnerability_id":"VCID-gz6e-b7dz-5qdf","summary":"In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.","references":[{"reference_url":"https://github.com/advisories/GHSA-q8h9-pqcx-59hw","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-q8h9-pqcx-59hw"},{"reference_url":"https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/02/12","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/09/02/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/02/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/09/02/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29118?format=json","purl":"pkg:pypi/apache-airflow@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4bps-htex-tqgk"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6pk8-baws-e3dt"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.4"}],"aliases":["CVE-2022-38170","GHSA-q8h9-pqcx-59hw","PYSEC-2022-261"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gz6e-b7dz-5qdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36487?format=json","vulnerability_id":"VCID-h6sp-398p-pbeg","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02"},{"reference_url":"https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3"},{"reference_url":"https://github.com/apache/airflow/pull/32293","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/32293"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml"},{"reference_url":"https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22887","reference_id":"CVE-2023-22887","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22887"},{"reference_url":"https://github.com/advisories/GHSA-ggwr-4vr8-g7wv","reference_id":"GHSA-ggwr-4vr8-g7wv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-ggwr-4vr8-g7wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31996?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["CVE-2023-22887","GHSA-ggwr-4vr8-g7wv","PYSEC-2023-104"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h6sp-398p-pbeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36402?format=json","vulnerability_id":"VCID-hah6-e5fc-juc5","summary":"Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951"},{"reference_url":"https://github.com/apache/airflow/pull/29501","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/29501"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml"},{"reference_url":"https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25695","reference_id":"CVE-2023-25695","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25695"},{"reference_url":"https://github.com/advisories/GHSA-h6g5-wqqr-3mw3","reference_id":"GHSA-h6g5-wqqr-3mw3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h6g5-wqqr-3mw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31975?format=json","purl":"pkg:pypi/apache-airflow@2.5.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q4rb-1yt3-rqdk"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/31977?format=json","purl":"pkg:pypi/apache-airflow@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q4rb-1yt3-rqdk"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2"}],"aliases":["CVE-2023-25695","GHSA-h6g5-wqqr-3mw3","PYSEC-2023-2"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hah6-e5fc-juc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36488?format=json","vulnerability_id":"VCID-hy75-nfg7-zfae","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02"},{"reference_url":"https://github.com/apache/airflow/pull/32293","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/32293"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml"},{"reference_url":"https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22888","reference_id":"CVE-2023-22888","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22888"},{"reference_url":"https://github.com/advisories/GHSA-5946-8p38-vffp","reference_id":"GHSA-5946-8p38-vffp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5946-8p38-vffp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31996?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["CVE-2023-22888","GHSA-5946-8p38-vffp","PYSEC-2023-105"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hy75-nfg7-zfae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36651?format=json","vulnerability_id":"VCID-j86y-n37n-n7ft","summary":"Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c"},{"reference_url":"https://github.com/apache/airflow/pull/34366","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://github.com/apache/airflow/pull/34366"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml"},{"reference_url":"https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/21/1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48291","reference_id":"CVE-2023-48291","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48291"},{"reference_url":"https://github.com/advisories/GHSA-8f57-wcmg-4jmh","reference_id":"GHSA-8f57-wcmg-4jmh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-8f57-wcmg-4jmh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32013?format=json","purl":"pkg:pypi/apache-airflow@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-e5dn-tpzy-qqec"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0"}],"aliases":["CVE-2023-48291","GHSA-8f57-wcmg-4jmh","PYSEC-2023-265"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j86y-n37n-n7ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35589?format=json","vulnerability_id":"VCID-jq98-gxbc-pydt","summary":"An issue was found in Apache Airflow versions 1.10.10 and below. A stored XSS vulnerability was discovered in the Chart pages of the the \"classic\" UI.","references":[{"reference_url":"https://github.com/advisories/GHSA-j38c-25fj-mr84","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j38c-25fj-mr84"},{"reference_url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17780?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-quaj-w9r3-qya8"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"}],"aliases":["CVE-2020-9485","GHSA-j38c-25fj-mr84","PYSEC-2020-23"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jq98-gxbc-pydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36258?format=json","vulnerability_id":"VCID-kh46-xrgm-9udx","summary":"In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.","references":[{"reference_url":"https://github.com/apache/airflow/pull/26635","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/26635"},{"reference_url":"https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29467?format=json","purl":"pkg:pypi/apache-airflow@2.4.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1"}],"aliases":["CVE-2022-41672","PYSEC-2022-42983"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kh46-xrgm-9udx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35787?format=json","vulnerability_id":"VCID-ks8d-9vr8-4feh","summary":"The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).","references":[{"reference_url":"https://github.com/advisories/GHSA-3xxv-p78r-4fc6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3xxv-p78r-4fc6"},{"reference_url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19931?format=json","purl":"pkg:pypi/apache-airflow@1.10.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15"},{"url":"http://public2.vulnerablecode.io/api/packages/21648?format=json","purl":"pkg:pypi/apache-airflow@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-rkeh-vuxg-ubgn"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2"}],"aliases":["CVE-2021-28359","GHSA-3xxv-p78r-4fc6","PYSEC-2021-4"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ks8d-9vr8-4feh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36856?format=json","vulnerability_id":"VCID-mcbu-b45m-k3ck","summary":"Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow/pull/40933","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://github.com/apache/airflow/pull/40933"},{"reference_url":"https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/08/21/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2024/08/21/3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32040?format=json","purl":"pkg:pypi/apache-airflow@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.0"}],"aliases":["CVE-2024-41937","PYSEC-2024-181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mcbu-b45m-k3ck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36575?format=json","vulnerability_id":"VCID-njyy-ywer-x7bf","summary":"Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/34366","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://github.com/apache/airflow/pull/34366"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml"},{"reference_url":"https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42792","reference_id":"CVE-2023-42792","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42792"},{"reference_url":"https://github.com/advisories/GHSA-j3w8-2p2h-mrr9","reference_id":"GHSA-j3w8-2p2h-mrr9","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j3w8-2p2h-mrr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32005?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["CVE-2023-42792","GHSA-j3w8-2p2h-mrr9","PYSEC-2023-203"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-njyy-ywer-x7bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35591?format=json","vulnerability_id":"VCID-p9we-cpy2-17h4","summary":"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attack can connect to the broker (Redis, RabbitMQ) directly, it was possible to insert a malicious payload directly to the broker which could lead to a deserialization attack (and thus remote code execution) on the Worker.","references":[{"reference_url":"https://github.com/advisories/GHSA-9g2w-5f3v-mfmm","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-9g2w-5f3v-mfmm"},{"reference_url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17780?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-quaj-w9r3-qya8"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"}],"aliases":["CVE-2020-11982","GHSA-9g2w-5f3v-mfmm","PYSEC-2020-16"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p9we-cpy2-17h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35691?format=json","vulnerability_id":"VCID-pe8h-9hgu-j3hx","summary":"The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.","references":[{"reference_url":"https://github.com/advisories/GHSA-86vp-x3pr-79rx","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-86vp-x3pr-79rx"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/11/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/12/11/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/01/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/01/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19300?format=json","purl":"pkg:pypi/apache-airflow@1.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13"}],"aliases":["CVE-2020-17515","GHSA-86vp-x3pr-79rx","PYSEC-2020-21"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pe8h-9hgu-j3hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36040?format=json","vulnerability_id":"VCID-pybp-gfy8-2qcr","summary":"In Apache Airflow, prior to version 2.2.4, some example DAGs did not properly sanitize user-provided params, making them susceptible to OS Command Injection from the web UI.","references":[{"reference_url":"https://github.com/advisories/GHSA-3v7g-4pg3-7r6j","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3v7g-4pg3-7r6j"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml"},{"reference_url":"https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24288","reference_id":"CVE-2022-24288","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24288"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26751?format=json","purl":"pkg:pypi/apache-airflow@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5nys-mzgw-4khd"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4"}],"aliases":["CVE-2022-24288","GHSA-3v7g-4pg3-7r6j","PYSEC-2022-30"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pybp-gfy8-2qcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36545?format=json","vulnerability_id":"VCID-pypb-cezm-rkb2","summary":"Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad"},{"reference_url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef"},{"reference_url":"https://github.com/apache/airflow/pull/33413","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/33413"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml"},{"reference_url":"https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40611","reference_id":"CVE-2023-40611","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40611"},{"reference_url":"https://github.com/advisories/GHSA-wpg8-mf6h-gm92","reference_id":"GHSA-wpg8-mf6h-gm92","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wpg8-mf6h-gm92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32003?format=json","purl":"pkg:pypi/apache-airflow@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jx5-34px-ukbz"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1"}],"aliases":["CVE-2023-40611","GHSA-wpg8-mf6h-gm92","PYSEC-2023-170"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pypb-cezm-rkb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36310?format=json","vulnerability_id":"VCID-q84t-8dac-93dm","summary":"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.","references":[{"reference_url":"https://github.com/apache/airflow/pull/25960","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/25960"},{"reference_url":"https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/14/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/11/14/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29464?format=json","purl":"pkg:pypi/apache-airflow@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.0"}],"aliases":["CVE-2022-40127","PYSEC-2022-42982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q84t-8dac-93dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36313?format=json","vulnerability_id":"VCID-qehu-58hj-67gn","summary":"In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.","references":[{"reference_url":"https://github.com/apache/airflow/pull/27576","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/27576"},{"reference_url":"https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/15/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2022/11/15/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29765?format=json","purl":"pkg:pypi/apache-airflow@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3"}],"aliases":["CVE-2022-45402","PYSEC-2022-42984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qehu-58hj-67gn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36436?format=json","vulnerability_id":"VCID-qmpd-946c-gqbc","summary":"Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473"},{"reference_url":"https://github.com/apache/airflow/pull/29506","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/29506"},{"reference_url":"https://github.com/apache/airflow/releases/tag/2.6.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/releases/tag/2.6.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml"},{"reference_url":"https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/05/08/2","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2023/05/08/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25754","reference_id":"CVE-2023-25754","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25754"},{"reference_url":"https://github.com/advisories/GHSA-jchm-fm4q-c2fp","reference_id":"GHSA-jchm-fm4q-c2fp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jchm-fm4q-c2fp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31981?format=json","purl":"pkg:pypi/apache-airflow@2.6.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q4rb-1yt3-rqdk"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/31987?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q4rb-1yt3-rqdk"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["CVE-2023-25754","GHSA-jchm-fm4q-c2fp","PYSEC-2023-59"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmpd-946c-gqbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36415?format=json","vulnerability_id":"VCID-qr9h-6dg8-gkh3","summary":"Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3"},{"reference_url":"https://github.com/apache/airflow/pull/30215","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/30215"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml"},{"reference_url":"https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/04/07/1","reference_id":"","reference_type":"","scores":[],"url":"https://www.openwall.com/lists/oss-security/2023/04/07/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28707","reference_id":"CVE-2023-28707","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28707"},{"reference_url":"https://github.com/advisories/GHSA-85pf-r4c7-3j9r","reference_id":"GHSA-85pf-r4c7-3j9r","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-85pf-r4c7-3j9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29112?format=json","purl":"pkg:pypi/apache-airflow@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4bps-htex-tqgk"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5nys-mzgw-4khd"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6pk8-baws-e3dt"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.2"}],"aliases":["CVE-2023-28707","GHSA-85pf-r4c7-3j9r","PYSEC-2023-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr9h-6dg8-gkh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35669?format=json","vulnerability_id":"VCID-quaj-w9r3-qya8","summary":"The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default","references":[{"reference_url":"https://github.com/advisories/GHSA-hhx9-p69v-cx2j","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-hhx9-p69v-cx2j"},{"reference_url":"https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18306?format=json","purl":"pkg:pypi/apache-airflow@1.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11"}],"aliases":["CVE-2020-13927","GHSA-hhx9-p69v-cx2j","PYSEC-2020-18"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-quaj-w9r3-qya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35620?format=json","vulnerability_id":"VCID-reu2-2xcq-fqa4","summary":"In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.","references":[{"reference_url":"https://github.com/advisories/GHSA-4pwq-fj89-6rjc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4pwq-fj89-6rjc"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/11/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/12/11/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/05/01/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/05/01/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/18311?format=json","purl":"pkg:pypi/apache-airflow@1.10.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.12"}],"aliases":["CVE-2020-13944","GHSA-4pwq-fj89-6rjc","PYSEC-2020-19"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-reu2-2xcq-fqa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36527?format=json","vulnerability_id":"VCID-ryct-uaw3-fyfc","summary":"Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603"},{"reference_url":"https://github.com/apache/airflow/pull/32052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://github.com/apache/airflow/pull/32052"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml"},{"reference_url":"https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/08/23/4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"http://www.openwall.com/lists/oss-security/2023/08/23/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37379","reference_id":"CVE-2023-37379","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37379"},{"reference_url":"https://github.com/advisories/GHSA-x2mh-8fmc-rqgh","reference_id":"GHSA-x2mh-8fmc-rqgh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x2mh-8fmc-rqgh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31997?format=json","purl":"pkg:pypi/apache-airflow@2.7.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/32000?format=json","purl":"pkg:pypi/apache-airflow@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1jx5-34px-ukbz"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-c5dx-r8gh-93fm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0"}],"aliases":["CVE-2023-37379","GHSA-x2mh-8fmc-rqgh","PYSEC-2023-152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryct-uaw3-fyfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36435?format=json","vulnerability_id":"VCID-suwt-h1ze-mydu","summary":"Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75"},{"reference_url":"https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e"},{"reference_url":"https://github.com/apache/airflow/pull/30447","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/30447"},{"reference_url":"https://github.com/apache/airflow/pull/30779","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/30779"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml"},{"reference_url":"https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29247","reference_id":"CVE-2023-29247","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29247"},{"reference_url":"https://github.com/advisories/GHSA-vcf6-3wv2-5vcr","reference_id":"GHSA-vcf6-3wv2-5vcr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-vcf6-3wv2-5vcr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31987?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q4rb-1yt3-rqdk"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["CVE-2023-29247","GHSA-vcf6-3wv2-5vcr","PYSEC-2023-60"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-suwt-h1ze-mydu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37186?format=json","vulnerability_id":"VCID-t3ap-dzfp-1bd6","summary":"In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\n\nUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/59688","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/apache/airflow/pull/59688"},{"reference_url":"https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/01/15/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2026/01/15/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68675","reference_id":"CVE-2025-68675","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68675"},{"reference_url":"https://github.com/advisories/GHSA-7c2f-r6gc-h92h","reference_id":"GHSA-7c2f-r6gc-h92h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7c2f-r6gc-h92h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32056?format=json","purl":"pkg:pypi/apache-airflow@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/47095?format=json","purl":"pkg:pypi/apache-airflow@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2b14-1bp2-gua6"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-5hxx-r2d2-9ybk"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-9j1n-cypf-p7g5"},{"vulnerability":"VCID-etmw-7eq5-mqa2"},{"vulnerability":"VCID-geg4-1kgh-akde"},{"vulnerability":"VCID-hkwf-65vr-dkfz"},{"vulnerability":"VCID-knrd-atwy-gubn"},{"vulnerability":"VCID-tbb9-myv7-a7h4"},{"vulnerability":"VCID-w56f-fmkf-dkfv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6"}],"aliases":["CVE-2025-68675","GHSA-7c2f-r6gc-h92h","PYSEC-2026-10"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t3ap-dzfp-1bd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36573?format=json","vulnerability_id":"VCID-t476-g5u5-1yeh","summary":"Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://github.com/apache/airflow/pull/34355","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/apache/airflow/pull/34355"},{"reference_url":"https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42780","reference_id":"CVE-2023-42780","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42780"},{"reference_url":"https://github.com/advisories/GHSA-cgx2-rrmr-jx43","reference_id":"GHSA-cgx2-rrmr-jx43","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cgx2-rrmr-jx43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32005?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t7xp-8ua7-d7ff"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["CVE-2023-42780","GHSA-cgx2-rrmr-jx43","PYSEC-2023-202"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t476-g5u5-1yeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35695?format=json","vulnerability_id":"VCID-trd4-8vc9-ufab","summary":"Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.","references":[{"reference_url":"https://github.com/advisories/GHSA-7mx5-x372-xh87","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7mx5-x372-xh87"},{"reference_url":"https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/12/21/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19364?format=json","purl":"pkg:pypi/apache-airflow@1.10.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.14"}],"aliases":["CVE-2020-17526","GHSA-7mx5-x372-xh87","PYSEC-2020-22"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-trd4-8vc9-ufab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36933?format=json","vulnerability_id":"VCID-u5wv-47m4-8yd6","summary":"Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.","references":[{"reference_url":"https://github.com/apache/airflow/pull/43040","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/43040"},{"reference_url":"https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/11/15/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2024/11/15/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32047?format=json","purl":"pkg:pypi/apache-airflow@2.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3"}],"aliases":["CVE-2024-45784","PYSEC-2024-182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5wv-47m4-8yd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36817?format=json","vulnerability_id":"VCID-x9ns-34nt-gfer","summary":"Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.","references":[{"reference_url":"https://github.com/apache/airflow/pull/39550","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://github.com/apache/airflow/pull/39550"},{"reference_url":"https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/13/1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2024/06/13/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32034?format=json","purl":"pkg:pypi/apache-airflow@2.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2"}],"aliases":["CVE-2024-25142","PYSEC-2024-195"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9ns-34nt-gfer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36485?format=json","vulnerability_id":"VCID-xh7u-8ze6-cqhk","summary":"Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315"},{"reference_url":"https://github.com/apache/airflow/pull/32060","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/32060"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml"},{"reference_url":"https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36543","reference_id":"CVE-2023-36543","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36543"},{"reference_url":"https://github.com/advisories/GHSA-3h4m-m55v-gx4m","reference_id":"GHSA-3h4m-m55v-gx4m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3h4m-m55v-gx4m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/31996?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-a64u-53x6-dfge"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-csqr-pdvv-gfbh"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-wb11-e3rz-e3cf"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["CVE-2023-36543","GHSA-3h4m-m55v-gx4m","PYSEC-2023-106"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xh7u-8ze6-cqhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35724?format=json","vulnerability_id":"VCID-y7az-a4um-jqff","summary":"The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.","references":[{"reference_url":"https://github.com/advisories/GHSA-fh37-cx83-q542","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fh37-cx83-q542"},{"reference_url":"https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/02/17/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2021/02/17/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19941?format=json","purl":"pkg:pypi/apache-airflow@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-rkeh-vuxg-ubgn"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1"}],"aliases":["CVE-2021-26697","GHSA-fh37-cx83-q542","PYSEC-2021-3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y7az-a4um-jqff"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36835?format=json","vulnerability_id":"VCID-ydhm-m8vh-mber","summary":"Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.","references":[{"reference_url":"https://github.com/apache/airflow/pull/40475","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://github.com/apache/airflow/pull/40475"},{"reference_url":"https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/16/6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2024/07/16/6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32036?format=json","purl":"pkg:pypi/apache-airflow@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-u5wv-47m4-8yd6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3"}],"aliases":["CVE-2024-39863","PYSEC-2024-189"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ydhm-m8vh-mber"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35590?format=json","vulnerability_id":"VCID-z4w8-3mr1-63ed","summary":"An issue was found in Apache Airflow versions 1.10.10 and below. When using CeleryExecutor, if an attacker can connect to the broker (Redis, RabbitMQ) directly, it is possible to inject commands, resulting in the celery worker running arbitrary commands.","references":[{"reference_url":"https://github.com/advisories/GHSA-976r-qfjj-c24w","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-976r-qfjj-c24w"},{"reference_url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/17780?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-quaj-w9r3-qya8"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"}],"aliases":["CVE-2020-11981","GHSA-976r-qfjj-c24w","PYSEC-2020-15"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z4w8-3mr1-63ed"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35480?format=json","vulnerability_id":"VCID-4dpy-dzpr-bbg7","summary":"In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected.","references":[{"reference_url":"https://github.com/advisories/GHSA-rjvg-q57v-mjjc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rjvg-q57v-mjjc"},{"reference_url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/14/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/01/14/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14461?format=json","purl":"pkg:pypi/apache-airflow@1.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2fnz-jqpe-nuau"},{"vulnerability":"VCID-2xr2-w3hk-auck"},{"vulnerability":"VCID-2ysx-9hz5-fyfm"},{"vulnerability":"VCID-3h3z-bfsc-jqax"},{"vulnerability":"VCID-4ga6-4111-dyc9"},{"vulnerability":"VCID-4xax-xw67-2qfv"},{"vulnerability":"VCID-4xdb-1kww-sfdh"},{"vulnerability":"VCID-56eq-awhd-d3fr"},{"vulnerability":"VCID-5cpd-kjpb-ekhv"},{"vulnerability":"VCID-5yxa-ubfq-fqdx"},{"vulnerability":"VCID-5zmy-2ape-7qfa"},{"vulnerability":"VCID-6gjt-zsju-47a3"},{"vulnerability":"VCID-6ksf-tekv-dud3"},{"vulnerability":"VCID-6vg9-hu9u-q7c3"},{"vulnerability":"VCID-71hr-1ews-9qa6"},{"vulnerability":"VCID-82kk-s7d6-f7he"},{"vulnerability":"VCID-835a-arqz-g7h7"},{"vulnerability":"VCID-91n6-evww-zybp"},{"vulnerability":"VCID-98yf-mvnw-d3b4"},{"vulnerability":"VCID-9jm4-t1je-vqhm"},{"vulnerability":"VCID-9tq4-v733-hug3"},{"vulnerability":"VCID-amac-hqnj-xfgz"},{"vulnerability":"VCID-b3w3-h9cm-ufgm"},{"vulnerability":"VCID-bwd5-3jt5-pyb8"},{"vulnerability":"VCID-cahz-4dy7-bbe9"},{"vulnerability":"VCID-dh4r-77xc-cbas"},{"vulnerability":"VCID-due7-n14c-akfx"},{"vulnerability":"VCID-ez45-qkb4-xkba"},{"vulnerability":"VCID-fbjk-2uvy-mqfc"},{"vulnerability":"VCID-frbp-mhhr-8bdt"},{"vulnerability":"VCID-gn6e-a1yp-g7dw"},{"vulnerability":"VCID-gz6e-b7dz-5qdf"},{"vulnerability":"VCID-h6sp-398p-pbeg"},{"vulnerability":"VCID-hah6-e5fc-juc5"},{"vulnerability":"VCID-hy75-nfg7-zfae"},{"vulnerability":"VCID-j86y-n37n-n7ft"},{"vulnerability":"VCID-jq98-gxbc-pydt"},{"vulnerability":"VCID-kh46-xrgm-9udx"},{"vulnerability":"VCID-ks8d-9vr8-4feh"},{"vulnerability":"VCID-mcbu-b45m-k3ck"},{"vulnerability":"VCID-njyy-ywer-x7bf"},{"vulnerability":"VCID-p9we-cpy2-17h4"},{"vulnerability":"VCID-pe8h-9hgu-j3hx"},{"vulnerability":"VCID-pybp-gfy8-2qcr"},{"vulnerability":"VCID-pypb-cezm-rkb2"},{"vulnerability":"VCID-q84t-8dac-93dm"},{"vulnerability":"VCID-qehu-58hj-67gn"},{"vulnerability":"VCID-qmpd-946c-gqbc"},{"vulnerability":"VCID-qr9h-6dg8-gkh3"},{"vulnerability":"VCID-quaj-w9r3-qya8"},{"vulnerability":"VCID-reu2-2xcq-fqa4"},{"vulnerability":"VCID-ryct-uaw3-fyfc"},{"vulnerability":"VCID-suwt-h1ze-mydu"},{"vulnerability":"VCID-t3ap-dzfp-1bd6"},{"vulnerability":"VCID-t476-g5u5-1yeh"},{"vulnerability":"VCID-trd4-8vc9-ufab"},{"vulnerability":"VCID-u5wv-47m4-8yd6"},{"vulnerability":"VCID-x9ns-34nt-gfer"},{"vulnerability":"VCID-xh7u-8ze6-cqhk"},{"vulnerability":"VCID-y7az-a4um-jqff"},{"vulnerability":"VCID-ydhm-m8vh-mber"},{"vulnerability":"VCID-z4w8-3mr1-63ed"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.5"}],"aliases":["CVE-2019-12398","GHSA-rjvg-q57v-mjjc","PYSEC-2020-162"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4dpy-dzpr-bbg7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.5"}