Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/16769?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/16769?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "type": "pypi", "namespace": "", "name": "apache-airflow", "version": "1.10.11", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.12.0", "latest_non_vulnerable_version": "3.2.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/132652?format=api", "vulnerability_id": "VCID-168u-zs7t-pqdf", "summary": "Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.\n\nSensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend\nNote: the vulnerability is about the information exposed in the logs not about accessing the logs.\n\nThis issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.\n\nUsers are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00193", "scoring_system": "epss", "scoring_elements": "0.41143", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46215" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46215", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46215" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/10/28/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/10/28/1" }, { "reference_url": "https://github.com/apache/airflow/pull/34954", "reference_id": "34954", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/" } ], "url": "https://github.com/apache/airflow/pull/34954" }, { "reference_url": "https://github.com/advisories/GHSA-666g-rfc5-c9jv", "reference_id": "GHSA-666g-rfc5-c9jv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-666g-rfc5-c9jv" }, { "reference_url": "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n", "reference_id": "wm1jfmks7r6m7bj0mq4lmw3998svn46n", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/" } ], "url": "https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30665?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-86v6-qrfj-9fdb" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0" } ], "aliases": [ "CVE-2023-46215", "GHSA-666g-rfc5-c9jv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-168u-zs7t-pqdf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57113?format=api", "vulnerability_id": "VCID-1fke-agqs-bkd1", "summary": "Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41937", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01137", "scoring_system": "epss", "scoring_elements": "0.78802", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-41937" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/08/21/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/08/21/3" }, { "reference_url": "https://github.com/apache/airflow/pull/40933", "reference_id": "40933", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/" } ], "url": "https://github.com/apache/airflow/pull/40933" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41937", "reference_id": "CVE-2024-41937", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41937" }, { "reference_url": "https://github.com/advisories/GHSA-w7cp-g8v7-r54m", "reference_id": "GHSA-w7cp-g8v7-r54m", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7cp-g8v7-r54m" }, { "reference_url": "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d", "reference_id": "lwlmgg6hqfmkpvw5py4w53hxyl37jl6d", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/" } ], "url": "https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33067?format=api", "purl": "pkg:pypi/apache-airflow@2.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u7dn-13j9-jkex" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.0" } ], "aliases": [ "BIT-airflow-2024-41937", "CVE-2024-41937", "GHSA-w7cp-g8v7-r54m", "PYSEC-2024-181" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1fke-agqs-bkd1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/147952?format=api", "vulnerability_id": "VCID-2r7f-dzef-dfcs", "summary": "We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47037", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24365", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47037" }, { "reference_url": "https://github.com/advisories/GHSA-hm9r-7f84-25c9", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hm9r-7f84-25c9" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad" }, { "reference_url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47037" }, { "reference_url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0", "reference_id": "04y4vrw1t2xl030gswtctc4nt1w90cb0", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/" } ], "url": "https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/12/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1" }, { "reference_url": "https://github.com/apache/airflow/pull/33413", "reference_id": "33413", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/" } ], "url": "https://github.com/apache/airflow/pull/33413" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74342?format=api", "purl": "pkg:pypi/apache-airflow@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3" } ], "aliases": [ "BIT-airflow-2023-47037", "CVE-2023-47037", "GHSA-hm9r-7f84-25c9", "PYSEC-2023-232" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2r7f-dzef-dfcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/138883?format=api", "vulnerability_id": "VCID-2urm-nyak-63ew", "summary": "Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37379", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00189", "scoring_system": "epss", "scoring_elements": "0.40601", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-37379" }, { "reference_url": "https://github.com/advisories/GHSA-x2mh-8fmc-rqgh", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x2mh-8fmc-rqgh" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37379", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37379" }, { "reference_url": "https://github.com/apache/airflow/pull/32052", "reference_id": "32052", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/" } ], "url": "https://github.com/apache/airflow/pull/32052" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/08/23/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/08/23/4" }, { "reference_url": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r", "reference_id": "g5c9vcn27lr14go48thrjpo6f4vw571r", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "7.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/" } ], "url": "https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74333?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/30665?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-86v6-qrfj-9fdb" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0" } ], "aliases": [ "BIT-airflow-2023-37379", "CVE-2023-37379", "GHSA-x2mh-8fmc-rqgh", "PYSEC-2023-152" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2urm-nyak-63ew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146652?format=api", "vulnerability_id": "VCID-2w8y-kxer-s7e2", "summary": "Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.34828", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50944" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml" }, { "reference_url": "https://github.com/apache/airflow/pull/36257", "reference_id": "36257", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/" } ], "url": "https://github.com/apache/airflow/pull/36257" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/24/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/5" }, { "reference_url": "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", "reference_id": "92krb5mpcq8qrw4t4j5oooqw7hgd8q7h", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/" } ], "url": "https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50944", "reference_id": "CVE-2023-50944", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50944" }, { "reference_url": "https://github.com/advisories/GHSA-vm5m-qmrx-fw8w", "reference_id": "GHSA-vm5m-qmrx-fw8w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm5m-qmrx-fw8w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28561?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/29452?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1" } ], "aliases": [ "BIT-airflow-2023-50944", "CVE-2023-50944", "GHSA-vm5m-qmrx-fw8w", "PYSEC-2024-14" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2w8y-kxer-s7e2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218105?format=api", "vulnerability_id": "VCID-3ep8-xwyq-q7d9", "summary": "Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26559", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68636", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26559" }, { "reference_url": "https://github.com/advisories/GHSA-ffw3-6mp6-jmvj", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ffw3-6mp6-jmvj" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/blob/486b76438c0679682cf98cb88ed39c4b161cbcc8/CHANGELOG.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/blob/486b76438c0679682cf98cb88ed39c4b161cbcc8/CHANGELOG.txt" }, { "reference_url": "https://github.com/apache/airflow/commit/3909232fafd09ac72b49010ecdfd6ea48f06d5cf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/3909232fafd09ac72b49010ecdfd6ea48f06d5cf" }, { "reference_url": "https://github.com/apache/airflow/commit/5e35926c7eda0dfa11a9623e4bf5f60c2bd6b3f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/5e35926c7eda0dfa11a9623e4bf5f60c2bd6b3f6" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-2.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26559", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26559" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/02/17/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/02/17/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62487?format=api", "purl": "pkg:pypi/apache-airflow@2.0.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62489?format=api", "purl": "pkg:pypi/apache-airflow@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1" } ], "aliases": [ "BIT-airflow-2021-26559", "CVE-2021-26559", "GHSA-ffw3-6mp6-jmvj", "PYSEC-2021-2" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ep8-xwyq-q7d9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56829?format=api", "vulnerability_id": "VCID-4e1s-kjwm-4ffg", "summary": "Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50378", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52562", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-50378" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50378", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-50378" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/11/08/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/11/08/5" }, { "reference_url": "https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb", "reference_id": "17rxys384lzfd6nhm3fztzgvk47zy7jb", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/" } ], "url": "https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb" }, { "reference_url": "https://github.com/apache/airflow/pull/43123", "reference_id": "43123", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "2.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/" } ], "url": "https://github.com/apache/airflow/pull/43123" }, { "reference_url": "https://github.com/advisories/GHSA-j857-2pwm-jjmm", "reference_id": "GHSA-j857-2pwm-jjmm", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-j857-2pwm-jjmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74370?format=api", "purl": "pkg:pypi/apache-airflow@2.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3" } ], "aliases": [ "CVE-2024-50378", "GHSA-j857-2pwm-jjmm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4e1s-kjwm-4ffg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/88341?format=api", "vulnerability_id": "VCID-4n4v-jv1f-1bgk", "summary": "The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value\nfrom xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary\nexecution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability.\n\nIt does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however\nusers following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of\nthe example with improved resiliance for that case.\n\nUsers who followed that pattern are advised to adjust their implementations accordingly.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54550", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.1733", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54550" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54550", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54550" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/15/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/15/1" }, { "reference_url": "https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1", "reference_id": "3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T11:56:37Z/" } ], "url": "https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1" }, { "reference_url": "https://github.com/apache/airflow/pull/63200", "reference_id": "63200", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T11:56:37Z/" } ], "url": "https://github.com/apache/airflow/pull/63200" }, { "reference_url": "https://github.com/advisories/GHSA-q2hg-643c-gw8h", "reference_id": "GHSA-q2hg-643c-gw8h", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q2hg-643c-gw8h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92193?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-7nmp-wvjt-5qcd" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-r4gm-ygr6-4ffs" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-y78u-y824-afc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "aliases": [ "CVE-2025-54550", "GHSA-q2hg-643c-gw8h" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4n4v-jv1f-1bgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/174009?format=api", "vulnerability_id": "VCID-4q46-3648-ckaq", "summary": "A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.93305", "scoring_system": "epss", "scoring_elements": "0.99818", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40127" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/372e699c2d1e11f7087b5340454d0a0a6a56fbf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/372e699c2d1e11f7087b5340454d0a0a6a56fbf5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42982.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42982.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/14/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/11/14/2" }, { "reference_url": "https://github.com/apache/airflow/pull/25960", "reference_id": "25960", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/" } ], "url": "https://github.com/apache/airflow/pull/25960" }, { "reference_url": "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy", "reference_id": "cf132hgm6jvzvsbpsozl3plf1r4cwysy", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/" } ], "url": "https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40127", "reference_id": "CVE-2022-40127", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40127" }, { "reference_url": "https://github.com/advisories/GHSA-6pw3-8h9w-32gc", "reference_id": "GHSA-6pw3-8h9w-32gc", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6pw3-8h9w-32gc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27853?format=api", "purl": "pkg:pypi/apache-airflow@2.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.0" } ], "aliases": [ "BIT-airflow-2022-40127", "CVE-2022-40127", "GHSA-6pw3-8h9w-32gc", "PYSEC-2022-42982" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4q46-3648-ckaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32633?format=api", "vulnerability_id": "VCID-668v-1v1b-9bf2", "summary": "Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27568", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-25142" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/06/13/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/06/13/1" }, { "reference_url": "https://github.com/apache/airflow/pull/39550", "reference_id": "39550", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:05:59Z/" } ], "url": "https://github.com/apache/airflow/pull/39550" }, { "reference_url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", "reference_id": "cg1j28lk0fhzthk0of1g7vy7p2n1j7nr", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:05:59Z/" } ], "url": "https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25142", "reference_id": "CVE-2024-25142", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25142" }, { "reference_url": "https://github.com/advisories/GHSA-9xpj-62mm-24h2", "reference_id": "GHSA-9xpj-62mm-24h2", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9xpj-62mm-24h2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32199?format=api", "purl": "pkg:pypi/apache-airflow@2.9.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2" } ], "aliases": [ "BIT-airflow-2024-25142", "CVE-2024-25142", "GHSA-9xpj-62mm-24h2", "PYSEC-2024-195" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-668v-1v1b-9bf2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218082?format=api", "vulnerability_id": "VCID-6a87-cq75-3ubt", "summary": "In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00487", "scoring_system": "epss", "scoring_elements": "0.65898", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17511" }, { "reference_url": "https://github.com/advisories/GHSA-cvcq-gmc3-q6m8", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cvcq-gmc3-q6m8" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4e32546faf227a6497ce8b282fff7450cae6f665", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/4e32546faf227a6497ce8b282fff7450cae6f665" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-262.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-262.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17511", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "2.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61831?format=api", "purl": "pkg:pypi/apache-airflow@1.10.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13" } ], "aliases": [ "BIT-airflow-2020-17511", "CVE-2020-17511", "GHSA-cvcq-gmc3-q6m8", "PYSEC-2020-262" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6a87-cq75-3ubt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218375?format=api", "vulnerability_id": "VCID-6smg-qne8-hfgj", "summary": "Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48291", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25634", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-48291" }, { "reference_url": "https://github.com/advisories/GHSA-8f57-wcmg-4jmh", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f57-wcmg-4jmh" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml" }, { "reference_url": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48291", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48291" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29828?format=api", "purl": "pkg:pypi/apache-airflow@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0" } ], "aliases": [ "BIT-airflow-2023-48291", "CVE-2023-48291", "GHSA-8f57-wcmg-4jmh", "PYSEC-2023-265" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6smg-qne8-hfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218081?format=api", "vulnerability_id": "VCID-6vhk-pt43-nqbd", "summary": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17515", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10185", "scoring_system": "epss", "scoring_elements": "0.93296", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17515" }, { "reference_url": "https://github.com/advisories/GHSA-86vp-x3pr-79rx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-86vp-x3pr-79rx" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/13336272e32872247fa7d17e964ccd88ec8d1376", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/13336272e32872247fa7d17e964ccd88ec8d1376" }, { "reference_url": "https://github.com/apache/airflow/commit/409c249121bd9c8902fc2ba551b21873ab41f953", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/409c249121bd9c8902fc2ba551b21873ab41f953" }, { "reference_url": "https://github.com/apache/airflow/commit/7486153f451e4d2bb1c6fd9cbb5a63430157c99c", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/7486153f451e4d2bb1c6fd9cbb5a63430157c99c" }, { "reference_url": "https://github.com/apache/airflow/commit/ab8c55878e3e4257d2276226cb17b047ba856686", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/ab8c55878e3e4257d2276226cb17b047ba856686" }, { "reference_url": "https://github.com/apache/airflow/commit/c6369beed53d41c0a70415b0d958bf0604124ad7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/c6369beed53d41c0a70415b0d958bf0604124ad7" }, { "reference_url": "https://github.com/apache/airflow/pull/14738", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/pull/14738" }, { "reference_url": "https://github.com/apache/airflow/releases/tag/1.10.15", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/releases/tag/1.10.15" }, { "reference_url": "https://github.com/apache/airflow/releases/tag/2.0.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/releases/tag/2.0.2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-21.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-21.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17515", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17515" }, { "reference_url": "https://pypi.org/project/apache-airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/apache-airflow" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/12/11/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61831?format=api", "purl": "pkg:pypi/apache-airflow@1.10.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/62479?format=api", "purl": "pkg:pypi/apache-airflow@1.10.15rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/64215?format=api", "purl": "pkg:pypi/apache-airflow@2.0.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2rc1" } ], "aliases": [ "BIT-airflow-2020-17515", "CVE-2020-17515", "GHSA-86vp-x3pr-79rx", "PYSEC-2020-21" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vhk-pt43-nqbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150346?format=api", "vulnerability_id": "VCID-6ywu-aujt-dfbz", "summary": "The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40273", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51267", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40273" }, { "reference_url": "https://github.com/advisories/GHSA-pm87-24wq-r8w9", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pm87-24wq-r8w9" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6" }, { "reference_url": "https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40273", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40273" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/08/23/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/" } ], "url": "https://www.openwall.com/lists/oss-security/2023/08/23/1" }, { "reference_url": "https://github.com/apache/airflow/pull/33347", "reference_id": "33347", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/" } ], "url": "https://github.com/apache/airflow/pull/33347" }, { "reference_url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", "reference_id": "9rdmv8ln4y4ncbyrlmjrsj903x4l80nj", "reference_type": "", "scores": [ { "value": "8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/" } ], "url": "https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74335?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0rc2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2" }, { "url": "http://public2.vulnerablecode.io/api/packages/74336?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-86v6-qrfj-9fdb" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1" } ], "aliases": [ "BIT-airflow-2023-40273", "CVE-2023-40273", "GHSA-pm87-24wq-r8w9", "PYSEC-2023-158" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ywu-aujt-dfbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218134?format=api", "vulnerability_id": "VCID-7ujj-9jbc-jfes", "summary": "The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336)", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28359", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02558", "scoring_system": "epss", "scoring_elements": "0.85833", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28359" }, { "reference_url": "https://github.com/advisories/GHSA-3xxv-p78r-4fc6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3xxv-p78r-4fc6" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28359", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28359" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62480?format=api", "purl": "pkg:pypi/apache-airflow@1.10.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/64216?format=api", "purl": "pkg:pypi/apache-airflow@2.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2" } ], "aliases": [ "BIT-airflow-2021-28359", "CVE-2021-28359", "GHSA-3xxv-p78r-4fc6", "PYSEC-2021-4" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ujj-9jbc-jfes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/91248?format=api", "vulnerability_id": "VCID-881f-vbac-rucw", "summary": "When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. \n\nThe issue has been fixed in Airflow 3.1.4 and 2.11.1, and users are strongly advised to upgrade to prevent potential disclosure of sensitive information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03589", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-65995" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/12/12/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/12/12/2" }, { "reference_url": "https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2", "reference_id": "1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/" } ], "url": "https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2" }, { "reference_url": "https://github.com/apache/airflow/pull/58252", "reference_id": "58252", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/" } ], "url": "https://github.com/apache/airflow/pull/58252" }, { "reference_url": "https://github.com/apache/airflow/pull/61883", "reference_id": "61883", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/" } ], "url": "https://github.com/apache/airflow/pull/61883" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65995", "reference_id": "CVE-2025-65995", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-65995" }, { "reference_url": "https://github.com/advisories/GHSA-gfw7-2v73-69wg", "reference_id": "GHSA-gfw7-2v73-69wg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gfw7-2v73-69wg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37835?format=api", "purl": "pkg:pypi/apache-airflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/39492?format=api", "purl": "pkg:pypi/apache-airflow@3.1.5rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5r2q-cc18-v7cx" }, { "vulnerability": "VCID-7q3b-su3j-y7b4" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-ap8j-6689-kfgd" }, { "vulnerability": "VCID-bftx-1hw8-z7f1" }, { "vulnerability": "VCID-bkwd-x3qh-57ga" }, { "vulnerability": "VCID-bva2-dpg3-m7hv" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f41w-9d6d-wbgf" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-srr5-3rxv-rkg8" }, { "vulnerability": "VCID-szqt-j7av-dqde" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-typh-t13h-w3g1" }, { "vulnerability": "VCID-u2bm-499h-2qfh" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-yvkr-2un4-cyfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.5rc1" } ], "aliases": [ "CVE-2025-65995", "GHSA-gfw7-2v73-69wg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-881f-vbac-rucw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80377?format=api", "vulnerability_id": "VCID-8aa5-hyy9-e3f1", "summary": "A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-48726", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13639", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-48726" }, { "reference_url": "https://lists.apache.org/thread/630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx", "reference_id": "630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:03:20Z/" } ], "url": "https://lists.apache.org/thread/630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx" }, { "reference_url": "https://github.com/apache/airflow/pull/67289", "reference_id": "67289", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:03:20Z/" } ], "url": "https://github.com/apache/airflow/pull/67289" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2025-57735", "reference_id": "CVERecord?id=CVE-2025-57735", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:03:20Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-57735" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93948?format=api", "purl": "pkg:pypi/apache-airflow@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2" } ], "aliases": [ "BIT-airflow-2026-48726", "CVE-2026-48726", "PYSEC-2026-187" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8aa5-hyy9-e3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/137900?format=api", "vulnerability_id": "VCID-8gmn-hbp1-4kbt", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35908", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43764", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-35908" }, { "reference_url": "https://github.com/advisories/GHSA-2h84-3crq-vgfj", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2h84-3crq-vgfj" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db" }, { "reference_url": "https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35908", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35908" }, { "reference_url": "https://github.com/apache/airflow/pull/32014", "reference_id": "32014", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/" } ], "url": "https://github.com/apache/airflow/pull/32014" }, { "reference_url": "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw", "reference_id": "vsflptk5dt30vrfggn96nx87d7zr6yvw", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/" } ], "url": "https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74332?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "BIT-airflow-2023-35908", "CVE-2023-35908", "GHSA-2h84-3crq-vgfj", "PYSEC-2023-119" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gmn-hbp1-4kbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42322?format=api", "vulnerability_id": "VCID-8ze1-k1e3-huhc", "summary": "DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\n\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11807", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56373" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/02/23/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/02/23/3" }, { "reference_url": "https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy", "reference_id": "2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:43Z/" } ], "url": "https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy" }, { "reference_url": "https://github.com/apache/airflow/pull/61880", "reference_id": "61880", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:43Z/" } ], "url": "https://github.com/apache/airflow/pull/61880" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56373", "reference_id": "CVE-2024-56373", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56373" }, { "reference_url": "https://github.com/advisories/GHSA-r837-hpv7-pc2f", "reference_id": "GHSA-r837-hpv7-pc2f", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r837-hpv7-pc2f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37835?format=api", "purl": "pkg:pypi/apache-airflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1" } ], "aliases": [ "CVE-2024-56373", "GHSA-r837-hpv7-pc2f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8ze1-k1e3-huhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/217942?format=api", "vulnerability_id": "VCID-9fm3-h4pj-6kac", "summary": "In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13944", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17227", "scoring_system": "epss", "scoring_elements": "0.95174", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13944" }, { "reference_url": "https://github.com/advisories/GHSA-4pwq-fj89-6rjc", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4pwq-fj89-6rjc" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/5c2bb7b0b0e717b11f093910b443243330ad93ca", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/5c2bb7b0b0e717b11f093910b443243330ad93ca" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-19.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-19.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13944", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13944" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/11/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/12/11/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/60731?format=api", "purl": "pkg:pypi/apache-airflow@1.10.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.12" } ], "aliases": [ "BIT-airflow-2020-13944", "CVE-2020-13944", "GHSA-4pwq-fj89-6rjc", "PYSEC-2020-19" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9fm3-h4pj-6kac" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70597?format=api", "vulnerability_id": "VCID-9y7c-yxq4-f7ha", "summary": "A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airflow stringified the structure before redaction, losing the nested key context, and persisted the plaintext value into `rendered_fields`. An authenticated UI/API user with permission to read rendered template fields could harvest secret values intended to be masked. Affects deployments where Dag authors pass structured JSON to operators with nested sensitive keys. This is a variant of `CWE-200` previously addressed for the user-registered `mask_secret()` patterns in CVE-2025-68438; that fix did not cover the nested sensitive-keyword allowlist. Users who already upgraded for CVE-2025-68438 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the nested-key path.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12918", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42360" }, { "reference_url": "https://github.com/apache/airflow/pull/65906", "reference_id": "65906", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T13:55:15Z/" } ], "url": "https://github.com/apache/airflow/pull/65906" }, { "reference_url": "https://lists.apache.org/thread/obj79bpxnl7r5olz1gsn0g94y88glnl4", "reference_id": "obj79bpxnl7r5olz1gsn0g94y88glnl4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T13:55:15Z/" } ], "url": "https://lists.apache.org/thread/obj79bpxnl7r5olz1gsn0g94y88glnl4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93948?format=api", "purl": "pkg:pypi/apache-airflow@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2" } ], "aliases": [ "BIT-airflow-2026-42360", "CVE-2026-42360", "PYSEC-2026-172" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9y7c-yxq4-f7ha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/172143?format=api", "vulnerability_id": "VCID-akt3-fjpx-zbbd", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00617", "scoring_system": "epss", "scoring_elements": "0.70428", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41131" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/27647", "reference_id": "27647", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:11:00Z/" } ], "url": "https://github.com/apache/airflow/pull/27647" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41131", "reference_id": "CVE-2022-41131", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41131" }, { "reference_url": "https://github.com/advisories/GHSA-cm43-f2pv-6v68", "reference_id": "GHSA-cm43-f2pv-6v68", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cm43-f2pv-6v68" }, { "reference_url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl", "reference_id": "wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:11:00Z/" } ], "url": "https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26994?format=api", "purl": "pkg:pypi/apache-airflow@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8y5v-gc8r-mfds" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-b397-bkbt-uyat" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-q832-2q3v-dya5" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0" } ], "aliases": [ "CVE-2022-41131", "GHSA-cm43-f2pv-6v68" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akt3-fjpx-zbbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40361?format=api", "vulnerability_id": "VCID-bjtj-v297-cbd7", "summary": "Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01059", "scoring_system": "epss", "scoring_elements": "0.78047", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45784" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-182.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-182.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45784", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45784" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/11/15/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/11/15/1" }, { "reference_url": "https://github.com/apache/airflow/pull/43040", "reference_id": "43040", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T19:41:31Z/" } ], "url": "https://github.com/apache/airflow/pull/43040" }, { "reference_url": "https://github.com/advisories/GHSA-46c3-5xc5-wwhv", "reference_id": "GHSA-46c3-5xc5-wwhv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-46c3-5xc5-wwhv" }, { "reference_url": "https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h", "reference_id": "k2jm55jztlbmk4zrlh10syvq3n57hl4h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T19:41:31Z/" } ], "url": "https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74370?format=api", "purl": "pkg:pypi/apache-airflow@2.10.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3" } ], "aliases": [ "BIT-airflow-2024-45784", "CVE-2024-45784", "GHSA-46c3-5xc5-wwhv", "PYSEC-2024-182" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjtj-v297-cbd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139548?format=api", "vulnerability_id": "VCID-bw9q-wjgg-vqgs", "summary": "Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.\n\nThe default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.\n\nUsers are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39441", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00255", "scoring_system": "epss", "scoring_elements": "0.4916", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39441" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/38fc9cd823feafd8ec61d5d5c7eddb9e9162f755", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/38fc9cd823feafd8ec61d5d5c7eddb9e9162f755" }, { "reference_url": "https://github.com/apache/airflow/commit/3bd8f020e8b7bdeb7f618bdbdfb3557f117b29d3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/3bd8f020e8b7bdeb7f618bdbdfb3557f117b29d3" }, { "reference_url": "https://github.com/apache/airflow/commit/dbacacbd4d476da757de148a4e747924c34fd7fe", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/dbacacbd4d476da757de148a4e747924c34fd7fe" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39441", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39441" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/08/23/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/08/23/2" }, { "reference_url": "https://github.com/apache/airflow/pull/33070", "reference_id": "33070", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/" } ], "url": "https://github.com/apache/airflow/pull/33070" }, { "reference_url": "https://github.com/apache/airflow/pull/33075", "reference_id": "33075", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/" } ], "url": "https://github.com/apache/airflow/pull/33075" }, { "reference_url": "https://github.com/apache/airflow/pull/33108", "reference_id": "33108", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/" } ], "url": "https://github.com/apache/airflow/pull/33108" }, { "reference_url": "https://github.com/advisories/GHSA-5f35-pq34-c87q", "reference_id": "GHSA-5f35-pq34-c87q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5f35-pq34-c87q" }, { "reference_url": "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb", "reference_id": "xzp4wgjg2b1o6ylk2595df8bstlbo1lb", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/" } ], "url": "https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30665?format=api", "purl": "pkg:pypi/apache-airflow@2.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-86v6-qrfj-9fdb" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0" } ], "aliases": [ "CVE-2023-39441", "GHSA-5f35-pq34-c87q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bw9q-wjgg-vqgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/46712?format=api", "vulnerability_id": "VCID-bwh8-43re-a3b8", "summary": "Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39863", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00433", "scoring_system": "epss", "scoring_elements": "0.63178", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-39863" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/16/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/16/6" }, { "reference_url": "https://github.com/apache/airflow/pull/40475", "reference_id": "40475", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/" } ], "url": "https://github.com/apache/airflow/pull/40475" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39863", "reference_id": "CVE-2024-39863", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-39863" }, { "reference_url": "https://github.com/advisories/GHSA-j482-47xf-p25c", "reference_id": "GHSA-j482-47xf-p25c", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j482-47xf-p25c" }, { "reference_url": "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3", "reference_id": "gxkvs279f1mbvckv5q65worr6how20o3", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/" } ], "url": "https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/32669?format=api", "purl": "pkg:pypi/apache-airflow@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3" } ], "aliases": [ "BIT-airflow-2024-39863", "CVE-2024-39863", "GHSA-j482-47xf-p25c", "PYSEC-2024-189" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bwh8-43re-a3b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/164837?format=api", "vulnerability_id": "VCID-c2d5-ha3e-hkcd", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38649", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06634", "scoring_system": "epss", "scoring_elements": "0.91403", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38649" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/1d4fd5c6eacab0b88f8660f9d780174434393f1a", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/1d4fd5c6eacab0b88f8660f9d780174434393f1a" }, { "reference_url": "https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz", "reference_id": "033o1gbc4ly6dpd2xf1o201v56fbl4dz", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:35:31Z/" } ], "url": "https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz" }, { "reference_url": "https://github.com/apache/airflow/pull/27641", "reference_id": "27641", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:35:31Z/" } ], "url": "https://github.com/apache/airflow/pull/27641" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38649", "reference_id": "CVE-2022-38649", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38649" }, { "reference_url": "https://github.com/advisories/GHSA-7wqf-h36w-47mc", "reference_id": "GHSA-7wqf-h36w-47mc", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wqf-h36w-47mc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26994?format=api", "purl": "pkg:pypi/apache-airflow@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8y5v-gc8r-mfds" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-b397-bkbt-uyat" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-q832-2q3v-dya5" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0" } ], "aliases": [ "CVE-2022-38649", "GHSA-7wqf-h36w-47mc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2d5-ha3e-hkcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139413?format=api", "vulnerability_id": "VCID-c2sx-75mh-afhd", "summary": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.\n\nApache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.\nThis issue affects Apache Airflow Drill Provider: before 2.4.3.\nIt is recommended to upgrade to a version that is not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39553", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02101", "scoring_system": "epss", "scoring_elements": "0.8443", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39553" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39553", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39553" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/08/11/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/08/11/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/08/11/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/08/11/1" }, { "reference_url": "https://github.com/apache/airflow/pull/33074", "reference_id": "33074", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/" } ], "url": "https://github.com/apache/airflow/pull/33074" }, { "reference_url": "https://github.com/advisories/GHSA-mq4v-6vg4-796c", "reference_id": "GHSA-mq4v-6vg4-796c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mq4v-6vg4-796c" }, { "reference_url": "https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf", "reference_id": "ozpl0opmob49rkcz8svo8wkxyw1395sf", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/" } ], "url": "https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27859?format=api", "purl": "pkg:pypi/apache-airflow@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3" } ], "aliases": [ "CVE-2023-39553", "GHSA-mq4v-6vg4-796c", "PYSEC-2023-136" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2sx-75mh-afhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/207574?format=api", "vulnerability_id": "VCID-cjdt-c5b2-f7bb", "summary": "Improper Privilege Management in apache-airflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01784", "scoring_system": "epss", "scoring_elements": "0.83134", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45230" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-11.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-11.yaml" }, { "reference_url": "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45230", "reference_id": "CVE-2021-45230", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45230" }, { "reference_url": "https://github.com/advisories/GHSA-4jh2-3c85-q67h", "reference_id": "GHSA-4jh2-3c85-q67h", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4jh2-3c85-q67h" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62481?format=api", "purl": "pkg:pypi/apache-airflow@2.0.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/18856?format=api", "purl": "pkg:pypi/apache-airflow@2.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.0" } ], "aliases": [ "BIT-airflow-2021-45230", "CVE-2021-45230", "GHSA-4jh2-3c85-q67h", "PYSEC-2022-11" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjdt-c5b2-f7bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149643?format=api", "vulnerability_id": "VCID-cn8p-pg33-83aa", "summary": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22884", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.76288", "scoring_system": "epss", "scoring_elements": "0.98952", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22884" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22884", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22884" }, { "reference_url": "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h", "reference_id": "0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-31T14:53:11Z/" } ], "url": "https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h" }, { "reference_url": "https://github.com/apache/airflow/pull/28811", "reference_id": "28811", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-31T14:53:11Z/" } ], "url": "https://github.com/apache/airflow/pull/28811" }, { "reference_url": "https://github.com/advisories/GHSA-c732-xvv8-g94c", "reference_id": "GHSA-c732-xvv8-g94c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c732-xvv8-g94c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74311?format=api", "purl": "pkg:pypi/apache-airflow@2.5.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.1" } ], "aliases": [ "CVE-2023-22884", "GHSA-c732-xvv8-g94c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cn8p-pg33-83aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/171547?format=api", "vulnerability_id": "VCID-cnzs-6j9b-cfd2", "summary": "A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27949", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.6228", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27949" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a" }, { "reference_url": "https://github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42981.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42981.yaml" }, { "reference_url": "https://github.com/apache/airflow/pull/22754", "reference_id": "22754", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/" } ], "url": "https://github.com/apache/airflow/pull/22754" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/14/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/11/14/3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27949", "reference_id": "CVE-2022-27949", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27949" }, { "reference_url": "https://github.com/advisories/GHSA-fvw2-2pf7-77vw", "reference_id": "GHSA-fvw2-2pf7-77vw", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fvw2-2pf7-77vw" }, { "reference_url": "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p", "reference_id": "n38oc5obb48600fsvnbopxcs0jpbp65p", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/" } ], "url": "https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27852?format=api", "purl": "pkg:pypi/apache-airflow@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8y5v-gc8r-mfds" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-b397-bkbt-uyat" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-q832-2q3v-dya5" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.1" } ], "aliases": [ "BIT-airflow-2022-27949", "CVE-2022-27949", "GHSA-fvw2-2pf7-77vw", "PYSEC-2022-42981" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cnzs-6j9b-cfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135625?format=api", "vulnerability_id": "VCID-d6m3-rkux-pfaw", "summary": "Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42792", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00582", "scoring_system": "epss", "scoring_elements": "0.69426", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42792" }, { "reference_url": "https://github.com/advisories/GHSA-j3w8-2p2h-mrr9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j3w8-2p2h-mrr9" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42792", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42792" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/21/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/21/1" }, { "reference_url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", "reference_id": "1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/" } ], "url": "https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq" }, { "reference_url": "https://github.com/apache/airflow/pull/34366", "reference_id": "34366", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/" } ], "url": "https://github.com/apache/airflow/pull/34366" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74340?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "BIT-airflow-2023-42792", "CVE-2023-42792", "GHSA-j3w8-2p2h-mrr9", "PYSEC-2023-203" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d6m3-rkux-pfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/68064?format=api", "vulnerability_id": "VCID-es5x-ee29-6ue8", "summary": "The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope. Because HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to a task, the leak widens visibility of DAG-run data beyond the intended per-DAG RBAC boundary for every authenticated user.\n\nUsers are recommended to upgrade to version 3.2.1 , which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-38743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00065", "scoring_system": "epss", "scoring_elements": "0.20412", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-38743" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/fed4921098d51fd3ec17b7f5cff80f6c36fd05e2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/fed4921098d51fd3ec17b7f5cff80f6c36fd05e2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38743", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-38743" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/24/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/24/3" }, { "reference_url": "https://github.com/apache/airflow/pull/64822", "reference_id": "64822", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:21:58Z/" } ], "url": "https://github.com/apache/airflow/pull/64822" }, { "reference_url": "https://github.com/advisories/GHSA-p3v3-229h-mc63", "reference_id": "GHSA-p3v3-229h-mc63", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p3v3-229h-mc63" }, { "reference_url": "https://lists.apache.org/thread/sk2wj0x48o8qb4p7c47gvnhjbm0mg396", "reference_id": "sk2wj0x48o8qb4p7c47gvnhjbm0mg396", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:21:58Z/" } ], "url": "https://lists.apache.org/thread/sk2wj0x48o8qb4p7c47gvnhjbm0mg396" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93941?format=api", "purl": "pkg:pypi/apache-airflow@3.2.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-7nmp-wvjt-5qcd" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-r4gm-ygr6-4ffs" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-y78u-y824-afc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.1rc1" } ], "aliases": [ "CVE-2026-38743", "GHSA-p3v3-229h-mc63" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-es5x-ee29-6ue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40520?format=api", "vulnerability_id": "VCID-etdd-wf1g-5yc6", "summary": "Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45034", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03097", "scoring_system": "epss", "scoring_elements": "0.87086", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45034" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/09/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/09/06/3" }, { "reference_url": "https://github.com/apache/airflow/pull/41672", "reference_id": "41672", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/" } ], "url": "https://github.com/apache/airflow/pull/41672" }, { "reference_url": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx", "reference_id": "b4fcw33vh60yfg9990n5vmc7sy2dcgjx", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/" } ], "url": "https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45034", "reference_id": "CVE-2024-45034", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45034" }, { "reference_url": "https://github.com/advisories/GHSA-92xg-gmrq-5c3w", "reference_id": "GHSA-92xg-gmrq-5c3w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-92xg-gmrq-5c3w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33279?format=api", "purl": "pkg:pypi/apache-airflow@2.10.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.1" } ], "aliases": [ "BIT-airflow-2024-45034", "CVE-2024-45034", "GHSA-92xg-gmrq-5c3w", "PYSEC-2024-212" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-etdd-wf1g-5yc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173855?format=api", "vulnerability_id": "VCID-ex63-gwxe-tufh", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15925", "scoring_system": "epss", "scoring_elements": "0.94911", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40189" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/27644", "reference_id": "27644", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:24:47Z/" } ], "url": "https://github.com/apache/airflow/pull/27644" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40189", "reference_id": "CVE-2022-40189", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40189" }, { "reference_url": "https://github.com/advisories/GHSA-rmf2-pwfq-h75j", "reference_id": "GHSA-rmf2-pwfq-h75j", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmf2-pwfq-h75j" }, { "reference_url": "https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15", "reference_id": "yxnfzfw2w9pj5s785k3rlyly4y44sd15", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:24:47Z/" } ], "url": "https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26994?format=api", "purl": "pkg:pypi/apache-airflow@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8y5v-gc8r-mfds" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-b397-bkbt-uyat" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-q832-2q3v-dya5" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0" } ], "aliases": [ "CVE-2022-40189", "GHSA-rmf2-pwfq-h75j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ex63-gwxe-tufh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83883?format=api", "vulnerability_id": "VCID-f5rh-fhtd-wyau", "summary": "A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40861", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.27712", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40861" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/31/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/31/1" }, { "reference_url": "https://github.com/apache/airflow/pull/65325", "reference_id": "65325", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:33:03Z/" } ], "url": "https://github.com/apache/airflow/pull/65325" }, { "reference_url": "https://lists.apache.org/thread/823334db2559xjlwt59gpzjz47thnscl", "reference_id": "823334db2559xjlwt59gpzjz47thnscl", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:33:03Z/" } ], "url": "https://lists.apache.org/thread/823334db2559xjlwt59gpzjz47thnscl" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93948?format=api", "purl": "pkg:pypi/apache-airflow@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2" } ], "aliases": [ "BIT-airflow-2026-40861", "CVE-2026-40861", "PYSEC-2026-181" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f5rh-fhtd-wyau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218180?format=api", "vulnerability_id": "VCID-fxxa-6sx4-yfhh", "summary": "If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35936", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01895", "scoring_system": "epss", "scoring_elements": "0.83613", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35936" }, { "reference_url": "https://github.com/advisories/GHSA-m6h2-jx9v-58w6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m6h2-jx9v-58w6" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351" }, { "reference_url": "https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8" }, { "reference_url": "https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63" }, { "reference_url": "https://github.com/apache/airflow/compare/2.1.1...2.1.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/compare/2.1.1...2.1.2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35936", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-35936" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65936?format=api", "purl": "pkg:pypi/apache-airflow@2.1.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.2" } ], "aliases": [ "BIT-airflow-2021-35936", "CVE-2021-35936", "GHSA-m6h2-jx9v-58w6", "PYSEC-2021-122" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxxa-6sx4-yfhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/146641?format=api", "vulnerability_id": "VCID-g4qz-drbp-gqdp", "summary": "Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00215", "scoring_system": "epss", "scoring_elements": "0.44118", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50943" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml" }, { "reference_url": "https://github.com/apache/airflow/pull/36255", "reference_id": "36255", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/" } ], "url": "https://github.com/apache/airflow/pull/36255" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/01/24/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/01/24/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50943", "reference_id": "CVE-2023-50943", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50943" }, { "reference_url": "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn", "reference_id": "fx278v0twqzxkcts70tc04cp3f8p56pn", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/" } ], "url": "https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn" }, { "reference_url": "https://github.com/advisories/GHSA-c3c6-f2ww-xfr2", "reference_id": "GHSA-c3c6-f2ww-xfr2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c3c6-f2ww-xfr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/28561?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/29452?format=api", "purl": "pkg:pypi/apache-airflow@2.8.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1" } ], "aliases": [ "BIT-airflow-2023-50943", "CVE-2023-50943", "GHSA-c3c6-f2ww-xfr2", "PYSEC-2024-13" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4qz-drbp-gqdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/136381?format=api", "vulnerability_id": "VCID-g4y4-92yj-r3ct", "summary": "Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36543", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00804", "scoring_system": "epss", "scoring_elements": "0.74568", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-36543" }, { "reference_url": "https://github.com/advisories/GHSA-3h4m-m55v-gx4m", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3h4m-m55v-gx4m" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36543", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-36543" }, { "reference_url": "https://github.com/apache/airflow/pull/32060", "reference_id": "32060", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/" } ], "url": "https://github.com/apache/airflow/pull/32060" }, { "reference_url": "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4", "reference_id": "tokfs980504ylgk3cv3hjlnrtbv4tng4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/" } ], "url": "https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74332?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "BIT-airflow-2023-36543", "CVE-2023-36543", "GHSA-3h4m-m55v-gx4m", "PYSEC-2023-106" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4y4-92yj-r3ct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83003?format=api", "vulnerability_id": "VCID-gbn8-8y8d-gkgw", "summary": "Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. \n\nUsers are advised to upgrade to 3.1.7 or later, which resolves this issue", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24098", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0375", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24098" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/02/09/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/02/09/3" }, { "reference_url": "https://github.com/apache/airflow/pull/60801", "reference_id": "60801", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:28:52Z/" } ], "url": "https://github.com/apache/airflow/pull/60801" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24098", "reference_id": "CVE-2026-24098", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24098" }, { "reference_url": "https://github.com/advisories/GHSA-5g2w-9f8g-g5q7", "reference_id": "GHSA-5g2w-9f8g-g5q7", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5g2w-9f8g-g5q7" }, { "reference_url": "https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x", "reference_id": "nx96435v77xdst7ls5lk57kqvqyj095x", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:28:52Z/" } ], "url": "https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/38937?format=api", "purl": "pkg:pypi/apache-airflow@3.1.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5r2q-cc18-v7cx" }, { "vulnerability": "VCID-7q3b-su3j-y7b4" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-ap8j-6689-kfgd" }, { "vulnerability": "VCID-bkwd-x3qh-57ga" }, { "vulnerability": "VCID-bva2-dpg3-m7hv" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f41w-9d6d-wbgf" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-szqt-j7av-dqde" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-typh-t13h-w3g1" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-yvkr-2un4-cyfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.7" } ], "aliases": [ "BIT-airflow-2026-24098", "CVE-2026-24098", "GHSA-5g2w-9f8g-g5q7", "PYSEC-2026-12" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbn8-8y8d-gkgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129456?format=api", "vulnerability_id": "VCID-gdht-hfnv-pqbm", "summary": "Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.66366", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25754" }, { "reference_url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jchm-fm4q-c2fp" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473" }, { "reference_url": "https://github.com/apache/airflow/releases/tag/2.6.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/releases/tag/2.6.0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25754" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/05/08/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/05/08/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/05/08/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/05/08/2" }, { "reference_url": "https://github.com/apache/airflow/pull/29506", "reference_id": "29506", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/" } ], "url": "https://github.com/apache/airflow/pull/29506" }, { "reference_url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", "reference_id": "3y83gr0qb8t49ppfk4fb2yk7md8ltq4v", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/" } ], "url": "https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74318?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74324?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "BIT-airflow-2023-25754", "CVE-2023-25754", "GHSA-jchm-fm4q-c2fp", "PYSEC-2023-59" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gdht-hfnv-pqbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/134704?format=api", "vulnerability_id": "VCID-gfcb-gz5n-23fs", "summary": "Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28707", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00964", "scoring_system": "epss", "scoring_elements": "0.76974", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28707" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28707", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28707" }, { "reference_url": "https://www.openwall.com/lists/oss-security/2023/04/07/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.openwall.com/lists/oss-security/2023/04/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/04/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/04/07/1" }, { "reference_url": "https://github.com/apache/airflow/pull/30215", "reference_id": "30215", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/" } ], "url": "https://github.com/apache/airflow/pull/30215" }, { "reference_url": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk", "reference_id": "dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/" } ], "url": "https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk" }, { "reference_url": "https://github.com/advisories/GHSA-85pf-r4c7-3j9r", "reference_id": "GHSA-85pf-r4c7-3j9r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-85pf-r4c7-3j9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71546?format=api", "purl": "pkg:pypi/apache-airflow@2.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8y5v-gc8r-mfds" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-b397-bkbt-uyat" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-q832-2q3v-dya5" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.2" } ], "aliases": [ "CVE-2023-28707", "GHSA-85pf-r4c7-3j9r", "PYSEC-2023-3" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfcb-gz5n-23fs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69986?format=api", "vulnerability_id": "VCID-h4r7-k7z1-6kgg", "summary": "Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45360", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24797", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45360" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/05/31/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "http://www.openwall.com/lists/oss-security/2026/05/31/12" }, { "reference_url": "https://github.com/apache/airflow/pull/66737", "reference_id": "66737", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-02T15:48:16Z/" } ], "url": "https://github.com/apache/airflow/pull/66737" }, { "reference_url": "https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83", "reference_id": "q227dghjwgfz8xsxrf2pwpz4wk43zm83", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-02T15:48:16Z/" } ], "url": "https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93948?format=api", "purl": "pkg:pypi/apache-airflow@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2" } ], "aliases": [ "BIT-airflow-2026-45360", "CVE-2026-45360", "PYSEC-2026-186" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4r7-k7z1-6kgg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218347?format=api", "vulnerability_id": "VCID-he37-337a-r7ex", "summary": "Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42663", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00401", "scoring_system": "epss", "scoring_elements": "0.61169", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42663" }, { "reference_url": "https://github.com/advisories/GHSA-32wr-qqw6-5mfp", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32wr-qqw6-5mfp" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/34315", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/pull/34315" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml" }, { "reference_url": "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42663", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42663" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74340?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "BIT-airflow-2023-42663", "CVE-2023-42663", "GHSA-32wr-qqw6-5mfp", "PYSEC-2023-197" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-he37-337a-r7ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/140907?format=api", "vulnerability_id": "VCID-hwhg-hxp4-qyeb", "summary": "Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00524", "scoring_system": "epss", "scoring_elements": "0.67409", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-29247" }, { "reference_url": "https://github.com/advisories/GHSA-vcf6-3wv2-5vcr", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vcf6-3wv2-5vcr" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75" }, { "reference_url": "https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29247", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-29247" }, { "reference_url": "https://github.com/apache/airflow/pull/30447", "reference_id": "30447", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/" } ], "url": "https://github.com/apache/airflow/pull/30447" }, { "reference_url": "https://github.com/apache/airflow/pull/30779", "reference_id": "30779", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/" } ], "url": "https://github.com/apache/airflow/pull/30779" }, { "reference_url": "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl", "reference_id": "kqf5lxmko133780clsp827xfsh4xd3fl", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/" } ], "url": "https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74324?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "BIT-airflow-2023-29247", "CVE-2023-29247", "GHSA-vcf6-3wv2-5vcr", "PYSEC-2023-60" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hwhg-hxp4-qyeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/77264?format=api", "vulnerability_id": "VCID-jqkv-bj6f-mkh8", "summary": "Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.\n\nThis issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.\n\nUsers are recommended to upgrade to version 1.12.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32794", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07578", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-32794" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32794", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32794" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/03/30/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/03/30/9" }, { "reference_url": "https://github.com/apache/airflow/pull/63704", "reference_id": "63704", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:31:16Z/" } ], "url": "https://github.com/apache/airflow/pull/63704" }, { "reference_url": "https://github.com/advisories/GHSA-wrpj-755p-x363", "reference_id": "GHSA-wrpj-755p-x363", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wrpj-755p-x363" }, { "reference_url": "https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb", "reference_id": "hn17yqsgsdtl81llvhf80rkp53hnz5nb", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:31:16Z/" } ], "url": "https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375223?format=api", "purl": "pkg:pypi/apache-airflow@1.12.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.12.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/62481?format=api", "purl": "pkg:pypi/apache-airflow@2.0.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0b1" } ], "aliases": [ "CVE-2026-32794", "GHSA-wrpj-755p-x363" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jqkv-bj6f-mkh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135341?format=api", "vulnerability_id": "VCID-k32s-e7tk-gfe7", "summary": "Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17265", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42781" }, { "reference_url": "https://github.com/advisories/GHSA-r7x6-xfcm-3mxv", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r7x6-xfcm-3mxv" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42781", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42781" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/12/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/12/2" }, { "reference_url": "https://github.com/apache/airflow/pull/34939", "reference_id": "34939", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/" } ], "url": "https://github.com/apache/airflow/pull/34939" }, { "reference_url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1", "reference_id": "7dnl8nszdxqyns57f3dw0sloy5dfl9o1", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/" } ], "url": "https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74342?format=api", "purl": "pkg:pypi/apache-airflow@2.7.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3" } ], "aliases": [ "BIT-airflow-2023-42781", "CVE-2023-42781", "GHSA-r7x6-xfcm-3mxv", "PYSEC-2023-231" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k32s-e7tk-gfe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149694?format=api", "vulnerability_id": "VCID-kgwq-4rwr-dybt", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22887", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00639", "scoring_system": "epss", "scoring_elements": "0.71005", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22887" }, { "reference_url": "https://github.com/advisories/GHSA-ggwr-4vr8-g7wv", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-ggwr-4vr8-g7wv" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02" }, { "reference_url": "https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22887", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22887" }, { "reference_url": "https://github.com/apache/airflow/pull/32293", "reference_id": "32293", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/" } ], "url": "https://github.com/apache/airflow/pull/32293" }, { "reference_url": "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo", "reference_id": "rxddqs76r6rkxsg1n24d029zys67qwwo", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/" } ], "url": "https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74332?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "BIT-airflow-2023-22887", "CVE-2023-22887", "GHSA-ggwr-4vr8-g7wv", "PYSEC-2023-104" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgwq-4rwr-dybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/116990?format=api", "vulnerability_id": "VCID-kjra-gghm-sqg2", "summary": "Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08712", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-27555" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/61882", "reference_id": "61882", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:39:35Z/" } ], "url": "https://github.com/apache/airflow/pull/61882" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27555", "reference_id": "CVE-2025-27555", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27555" }, { "reference_url": "https://github.com/advisories/GHSA-8r55-rv5w-6pfm", "reference_id": "GHSA-8r55-rv5w-6pfm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8r55-rv5w-6pfm" }, { "reference_url": "https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw", "reference_id": "nxovkp319jo8vg498gql1yswtb2frbkw", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:39:35Z/" } ], "url": "https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37835?format=api", "purl": "pkg:pypi/apache-airflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1" } ], "aliases": [ "CVE-2025-27555", "GHSA-8r55-rv5w-6pfm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kjra-gghm-sqg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/173735?format=api", "vulnerability_id": "VCID-nnbr-jmj5-v3c9", "summary": "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01131", "scoring_system": "epss", "scoring_elements": "0.78741", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-40954" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45", "reference_id": "0tmdlnmjs5t4gsx5fy73tb6zd3jztq45", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:49:57Z/" } ], "url": "https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45" }, { "reference_url": "https://github.com/apache/airflow/pull/27646", "reference_id": "27646", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:49:57Z/" } ], "url": "https://github.com/apache/airflow/pull/27646" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40954", "reference_id": "CVE-2022-40954", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40954" }, { "reference_url": "https://github.com/advisories/GHSA-45r6-j3cc-6mxx", "reference_id": "GHSA-45r6-j3cc-6mxx", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-45r6-j3cc-6mxx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26994?format=api", "purl": "pkg:pypi/apache-airflow@2.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8y5v-gc8r-mfds" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-b397-bkbt-uyat" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-q832-2q3v-dya5" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0" } ], "aliases": [ "CVE-2022-40954", "GHSA-45r6-j3cc-6mxx" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nnbr-jmj5-v3c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/162892?format=api", "vulnerability_id": "VCID-nxm8-uma2-u3ed", "summary": "In Apache Airflow versions prior to 2.4.2, the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01135", "scoring_system": "epss", "scoring_elements": "0.78782", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43982" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42970.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42970.yaml" }, { "reference_url": "https://github.com/apache/airflow/pull/27143", "reference_id": "27143", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:27:33Z/" } ], "url": "https://github.com/apache/airflow/pull/27143" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43982", "reference_id": "CVE-2022-43982", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43982" }, { "reference_url": "https://github.com/advisories/GHSA-h63r-9xxf-f2c7", "reference_id": "GHSA-h63r-9xxf-f2c7", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h63r-9xxf-f2c7" }, { "reference_url": "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l", "reference_id": "vqnvdrfsw9z7v7c46qh3psjgr7wy959l", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:27:33Z/" } ], "url": "https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27734?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72140?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2" } ], "aliases": [ "BIT-airflow-2022-43982", "CVE-2022-43982", "GHSA-h63r-9xxf-f2c7", "PYSEC-2022-42970" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxm8-uma2-u3ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65906?format=api", "vulnerability_id": "VCID-nz83-fzzb-5ucs", "summary": "The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure Service Bus used those properties to store sensitive values. Possibly other providers could be also affected if they used the same fields to store sensitive data.\n\nIf you used Azure Service Bus connection with those values set or if you have other connections with those values storing sensitve values, you should upgrade Airflow to 3.1.8", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.0766", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25219" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25219" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/15/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/15/3" }, { "reference_url": "https://github.com/apache/airflow/pull/61580", "reference_id": "61580", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:53:19Z/" } ], "url": "https://github.com/apache/airflow/pull/61580" }, { "reference_url": "https://github.com/apache/airflow/pull/61582", "reference_id": "61582", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:53:19Z/" } ], "url": "https://github.com/apache/airflow/pull/61582" }, { "reference_url": "https://github.com/advisories/GHSA-4g48-54q2-fg7q", "reference_id": "GHSA-4g48-54q2-fg7q", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4g48-54q2-fg7q" }, { "reference_url": "https://lists.apache.org/thread/t4dlmqkn0njz4chk3g7mdgzb96y4ttqh", "reference_id": "t4dlmqkn0njz4chk3g7mdgzb96y4ttqh", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:53:19Z/" } ], "url": "https://lists.apache.org/thread/t4dlmqkn0njz4chk3g7mdgzb96y4ttqh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/91427?format=api", "purl": "pkg:pypi/apache-airflow@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5r2q-cc18-v7cx" }, { "vulnerability": "VCID-6vv8-kr7f-mubf" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-ap8j-6689-kfgd" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-szqt-j7av-dqde" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-typh-t13h-w3g1" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-yvkr-2un4-cyfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8" } ], "aliases": [ "CVE-2026-25219", "GHSA-4g48-54q2-fg7q" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nz83-fzzb-5ucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129478?format=api", "vulnerability_id": "VCID-p92v-jeew-eygn", "summary": "Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25695", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01026", "scoring_system": "epss", "scoring_elements": "0.77708", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25695" }, { "reference_url": "https://github.com/advisories/GHSA-h6g5-wqqr-3mw3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h6g5-wqqr-3mw3" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25695", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25695" }, { "reference_url": "https://github.com/apache/airflow/pull/29501", "reference_id": "29501", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:29:36Z/" } ], "url": "https://github.com/apache/airflow/pull/29501" }, { "reference_url": "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2", "reference_id": "z8w6ckzs61ql365tv4d19k82o67r15p2", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:29:36Z/" } ], "url": "https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74312?format=api", "purl": "pkg:pypi/apache-airflow@2.5.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74314?format=api", "purl": "pkg:pypi/apache-airflow@2.5.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2" } ], "aliases": [ "BIT-airflow-2023-25695", "CVE-2023-25695", "GHSA-h6g5-wqqr-3mw3", "PYSEC-2023-2" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p92v-jeew-eygn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/163163?format=api", "vulnerability_id": "VCID-q4kq-54bn-2yfd", "summary": "In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43985", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00507", "scoring_system": "epss", "scoring_elements": "0.66709", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43985" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42971.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42971.yaml" }, { "reference_url": "https://github.com/apache/airflow/pull/27143", "reference_id": "27143", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:26:33Z/" } ], "url": "https://github.com/apache/airflow/pull/27143" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43985", "reference_id": "CVE-2022-43985", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43985" }, { "reference_url": "https://github.com/advisories/GHSA-f9fq-78ch-4wmj", "reference_id": "GHSA-f9fq-78ch-4wmj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f9fq-78ch-4wmj" }, { "reference_url": "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq", "reference_id": "m13y9s5kw92fw9l8j4qd85h0txp4kfcq", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:26:33Z/" } ], "url": "https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27734?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/72140?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2" } ], "aliases": [ "BIT-airflow-2022-43985", "CVE-2022-43985", "GHSA-f9fq-78ch-4wmj", "PYSEC-2022-42971" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q4kq-54bn-2yfd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/166046?format=api", "vulnerability_id": "VCID-qg14-ym9d-wuea", "summary": "In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06361", "scoring_system": "epss", "scoring_elements": "0.91201", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-45402" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/f0f67e8bc9dcb9444cfc5b88ee075191785469b7", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/f0f67e8bc9dcb9444cfc5b88ee075191785469b7" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42984.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42984.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/11/15/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:53Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/11/15/1" }, { "reference_url": "https://github.com/apache/airflow/pull/27576", "reference_id": "27576", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:53Z/" } ], "url": "https://github.com/apache/airflow/pull/27576" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45402", "reference_id": "CVE-2022-45402", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-45402" }, { "reference_url": "https://github.com/advisories/GHSA-rg94-84xj-7gq3", "reference_id": "GHSA-rg94-84xj-7gq3", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rg94-84xj-7gq3" }, { "reference_url": "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh", "reference_id": "nf4xrkoo6c81g6fdn4vj8k9x2686o9nh", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:53Z/" } ], "url": "https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27859?format=api", "purl": "pkg:pypi/apache-airflow@2.4.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3" } ], "aliases": [ "BIT-airflow-2022-45402", "CVE-2022-45402", "GHSA-rg94-84xj-7gq3", "PYSEC-2022-42984" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg14-ym9d-wuea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218083?format=api", "vulnerability_id": "VCID-qrdz-mth2-4kgd", "summary": "In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02135", "scoring_system": "epss", "scoring_elements": "0.84562", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17513" }, { "reference_url": "https://github.com/advisories/GHSA-6r3p-fcvm-xh7c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6r3p-fcvm-xh7c" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/b606b871226d649913a37fd074eeae5d86ebc3a1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/b606b871226d649913a37fd074eeae5d86ebc3a1" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-20.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-20.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17513", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17513" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61831?format=api", "purl": "pkg:pypi/apache-airflow@1.10.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13" } ], "aliases": [ "BIT-airflow-2020-17513", "CVE-2020-17513", "GHSA-6r3p-fcvm-xh7c", "PYSEC-2020-20" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrdz-mth2-4kgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93134?format=api", "vulnerability_id": "VCID-r2bq-ukcr-1fa3", "summary": "In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\n\nUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68675", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14122", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68675" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-10.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-10.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/01/15/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/01/15/6" }, { "reference_url": "https://github.com/apache/airflow/pull/59688", "reference_id": "59688", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T16:05:54Z/" } ], "url": "https://github.com/apache/airflow/pull/59688" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68675", "reference_id": "CVE-2025-68675", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68675" }, { "reference_url": "https://github.com/advisories/GHSA-7c2f-r6gc-h92h", "reference_id": "GHSA-7c2f-r6gc-h92h", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7c2f-r6gc-h92h" }, { "reference_url": "https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5", "reference_id": "x6kply4nqd4vc4wgxtm6g9r2tt63s8c5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T16:05:54Z/" } ], "url": "https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/37835?format=api", "purl": "pkg:pypi/apache-airflow@2.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/37837?format=api", "purl": "pkg:pypi/apache-airflow@3.1.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5r2q-cc18-v7cx" }, { "vulnerability": "VCID-7q3b-su3j-y7b4" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-ap8j-6689-kfgd" }, { "vulnerability": "VCID-bkwd-x3qh-57ga" }, { "vulnerability": "VCID-bva2-dpg3-m7hv" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f41w-9d6d-wbgf" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-srr5-3rxv-rkg8" }, { "vulnerability": "VCID-szqt-j7av-dqde" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-typh-t13h-w3g1" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-yvkr-2un4-cyfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6" } ], "aliases": [ "BIT-airflow-2025-68675", "CVE-2025-68675", "GHSA-7c2f-r6gc-h92h", "PYSEC-2026-10" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2bq-ukcr-1fa3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/139382?format=api", "vulnerability_id": "VCID-r91g-hqa7-zbep", "summary": "Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00481", "scoring_system": "epss", "scoring_elements": "0.65586", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-39508" }, { "reference_url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-269x-pg5c-5xgm" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39508" }, { "reference_url": "https://github.com/apache/airflow/pull/29706", "reference_id": "29706", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/" } ], "url": "https://github.com/apache/airflow/pull/29706" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/43", "reference_id": "43", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/43" }, { "reference_url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", "reference_id": "j2nkjd0zqvtqk85s6ywpx3c35pvzyx15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/" } ], "url": "https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74318?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0b1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1" }, { "url": "http://public2.vulnerablecode.io/api/packages/74324?format=api", "purl": "pkg:pypi/apache-airflow@2.6.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5jy7-w294-kuf8" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0" } ], "aliases": [ "BIT-airflow-2023-39508", "CVE-2023-39508", "GHSA-269x-pg5c-5xgm", "PYSEC-2023-134" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r91g-hqa7-zbep" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41396?format=api", "vulnerability_id": "VCID-rnpn-qfdf-87aq", "summary": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45562", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-26280" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa" }, { "reference_url": "https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99" }, { "reference_url": "https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e" }, { "reference_url": "https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d" }, { "reference_url": "https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f" }, { "reference_url": "https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/01/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/01/1" }, { "reference_url": "https://github.com/apache/airflow/pull/37501", "reference_id": "37501", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/" } ], "url": "https://github.com/apache/airflow/pull/37501" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26280", "reference_id": "CVE-2024-26280", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26280" }, { "reference_url": "https://github.com/advisories/GHSA-6xwf-xvf3-v459", "reference_id": "GHSA-6xwf-xvf3-v459", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xwf-xvf3-v459" }, { "reference_url": "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh", "reference_id": "knskxxxml95091rsnpxkpo1jjp8rj0fh", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/" } ], "url": "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29453?format=api", "purl": "pkg:pypi/apache-airflow@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-b6t6-294p-nkgx" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2" } ], "aliases": [ "BIT-airflow-2024-26280", "CVE-2024-26280", "GHSA-6xwf-xvf3-v459", "PYSEC-2024-42" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rnpn-qfdf-87aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218086?format=api", "vulnerability_id": "VCID-sp29-t2bx-rfcu", "summary": "Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17526", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91484", "scoring_system": "epss", "scoring_elements": "0.99685", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-17526" }, { "reference_url": "https://github.com/advisories/GHSA-7mx5-x372-xh87", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7mx5-x372-xh87" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2f3b1c780472afd4c8a93633e6633feb7083792e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2f3b1c780472afd4c8a93633e6633feb7083792e" }, { "reference_url": "https://github.com/apache/airflow/commit/6b065840323f9a4fc8e372b458d26e419e4fa99b", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/6b065840323f9a4fc8e372b458d26e419e4fa99b" }, { "reference_url": "https://github.com/apache/airflow/commit/97b2735d65e95c4633966667b6db3908540f3937", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/97b2735d65e95c4633966667b6db3908540f3937" }, { "reference_url": "https://github.com/apache/airflow/commit/9e01476a50b9be27c4b1e6c6e24d36f290629195", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/9e01476a50b9be27c4b1e6c6e24d36f290629195" }, { "reference_url": "https://github.com/apache/airflow/commit/a8900fa5f2b8963e9f57ba4ae5520a5d339aeaad", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/a8900fa5f2b8963e9f57ba4ae5520a5d339aeaad" }, { "reference_url": "https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6" }, { "reference_url": "https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-22.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-22.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17526", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-17526" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/21/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" }, { "value": "8.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/12/21/1" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61899?format=api", "purl": "pkg:pypi/apache-airflow@1.10.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.14" } ], "aliases": [ "BIT-airflow-2020-17526", "CVE-2020-17526", "GHSA-7mx5-x372-xh87", "PYSEC-2020-22" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sp29-t2bx-rfcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55788?format=api", "vulnerability_id": "VCID-sxa8-9f89-bfdv", "summary": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27906", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16309", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-27906" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b" }, { "reference_url": "https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9" }, { "reference_url": "https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7" }, { "reference_url": "https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a" }, { "reference_url": "https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326" }, { "reference_url": "https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446" }, { "reference_url": "https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24" }, { "reference_url": "https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2" }, { "reference_url": "https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/02/29/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2024/02/29/1" }, { "reference_url": "https://github.com/apache/airflow/pull/37290", "reference_id": "37290", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/" } ], "url": "https://github.com/apache/airflow/pull/37290" }, { "reference_url": "https://github.com/apache/airflow/pull/37468", "reference_id": "37468", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/" } ], "url": "https://github.com/apache/airflow/pull/37468" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27906", "reference_id": "CVE-2024-27906", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27906" }, { "reference_url": "https://github.com/advisories/GHSA-6v6w-h8m6-7mv2", "reference_id": "GHSA-6v6w-h8m6-7mv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6v6w-h8m6-7mv2" }, { "reference_url": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5", "reference_id": "on4f7t5sqr3vfgp1pvkck79wv7mq9st5", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/" } ], "url": "https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29453?format=api", "purl": "pkg:pypi/apache-airflow@2.8.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-b6t6-294p-nkgx" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2" } ], "aliases": [ "BIT-airflow-2024-27906", "CVE-2024-27906", "GHSA-6v6w-h8m6-7mv2", "PYSEC-2024-245" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sxa8-9f89-bfdv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84240?format=api", "vulnerability_id": "VCID-tbn8-rdjn-nban", "summary": "The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00087", "scoring_system": "epss", "scoring_elements": "0.24909", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-40690" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/cf3452d76e2ef5a8bae247f9fc90c759ff9df02f", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/cf3452d76e2ef5a8bae247f9fc90c759ff9df02f" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40690", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40690" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/24/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/24/4" }, { "reference_url": "https://github.com/apache/airflow/pull/65273", "reference_id": "65273", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:54:08Z/" } ], "url": "https://github.com/apache/airflow/pull/65273" }, { "reference_url": "https://lists.apache.org/thread/bqt7y4g2cpj396b0sd20lv510ff19ndl", "reference_id": "bqt7y4g2cpj396b0sd20lv510ff19ndl", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:54:08Z/" } ], "url": "https://lists.apache.org/thread/bqt7y4g2cpj396b0sd20lv510ff19ndl" }, { "reference_url": "https://github.com/advisories/GHSA-w7rc-q6cm-f5gm", "reference_id": "GHSA-w7rc-q6cm-f5gm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7rc-q6cm-f5gm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93941?format=api", "purl": "pkg:pypi/apache-airflow@3.2.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-7nmp-wvjt-5qcd" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-r4gm-ygr6-4ffs" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-y78u-y824-afc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.1rc1" } ], "aliases": [ "CVE-2026-40690", "GHSA-w7rc-q6cm-f5gm" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbn8-rdjn-nban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/150189?format=api", "vulnerability_id": "VCID-tg1w-9bcx-6fg3", "summary": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40712", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34557", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40712" }, { "reference_url": "https://github.com/advisories/GHSA-mjqh-v5f2-g2mw", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mjqh-v5f2-g2mw" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e" }, { "reference_url": "https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40712", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40712" }, { "reference_url": "https://github.com/apache/airflow/pull/33512", "reference_id": "33512", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/" } ], "url": "https://github.com/apache/airflow/pull/33512" }, { "reference_url": "https://github.com/apache/airflow/pull/33516", "reference_id": "33516", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/" } ], "url": "https://github.com/apache/airflow/pull/33516" }, { "reference_url": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", "reference_id": "jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/" } ], "url": "https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74338?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-86v6-qrfj-9fdb" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1" } ], "aliases": [ "BIT-airflow-2023-40712", "CVE-2023-40712", "GHSA-mjqh-v5f2-g2mw", "PYSEC-2023-171" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg1w-9bcx-6fg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/66519?format=api", "vulnerability_id": "VCID-ttb5-juj4-uugt", "summary": "In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30912", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0007", "scoring_system": "epss", "scoring_elements": "0.21612", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-30912" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-18.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-18.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30912", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-30912" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/17/5" }, { "reference_url": "https://github.com/apache/airflow/pull/63028", "reference_id": "63028", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/" } ], "url": "https://github.com/apache/airflow/pull/63028" }, { "reference_url": "https://github.com/advisories/GHSA-w7cf-2pmc-5m4c", "reference_id": "GHSA-w7cf-2pmc-5m4c", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w7cf-2pmc-5m4c" }, { "reference_url": "https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9", "reference_id": "tp6kz1hnfb3zsrrtg19myo8x5x80w8r9", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/" } ], "url": "https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92193?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-7nmp-wvjt-5qcd" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-r4gm-ygr6-4ffs" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-y78u-y824-afc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "aliases": [ "BIT-airflow-2026-30912", "CVE-2026-30912", "GHSA-w7cf-2pmc-5m4c", "PYSEC-2026-18" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb5-juj4-uugt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/165299?format=api", "vulnerability_id": "VCID-u42p-urfu-83hn", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46651", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00167", "scoring_system": "epss", "scoring_elements": "0.37599", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-46651" }, { "reference_url": "https://github.com/advisories/GHSA-xvw9-3mhm-xjqq", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xvw9-3mhm-xjqq" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46651", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46651" }, { "reference_url": "https://github.com/apache/airflow/pull/32309", "reference_id": "32309", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/" } ], "url": "https://github.com/apache/airflow/pull/32309" }, { "reference_url": "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d", "reference_id": "n45h3y82og125rnlgt6rbm9szfb6q24d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/" } ], "url": "https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74332?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "BIT-airflow-2022-46651", "CVE-2022-46651", "GHSA-xvw9-3mhm-xjqq", "PYSEC-2023-103" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u42p-urfu-83hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149335?format=api", "vulnerability_id": "VCID-u7j1-ha9q-xkdd", "summary": "Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22888", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00151", "scoring_system": "epss", "scoring_elements": "0.35491", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-22888" }, { "reference_url": "https://github.com/advisories/GHSA-5946-8p38-vffp", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5946-8p38-vffp" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22888", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22888" }, { "reference_url": "https://github.com/apache/airflow/pull/32293", "reference_id": "32293", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/" } ], "url": "https://github.com/apache/airflow/pull/32293" }, { "reference_url": "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z", "reference_id": "dnlht2hvm7k81k5tgjtsfmk27c76kq7z", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/" } ], "url": "https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74332?format=api", "purl": "pkg:pypi/apache-airflow@2.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3" } ], "aliases": [ "BIT-airflow-2023-22888", "CVE-2023-22888", "GHSA-5946-8p38-vffp", "PYSEC-2023-105" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7j1-ha9q-xkdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/135539?format=api", "vulnerability_id": "VCID-utkw-km71-efgd", "summary": "Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42780", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.31983", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-42780" }, { "reference_url": "https://github.com/advisories/GHSA-cgx2-rrmr-jx43", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cgx2-rrmr-jx43" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/cf4eb3fb9b5cf4a8369b890e39523d4c05eed161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/cf4eb3fb9b5cf4a8369b890e39523d4c05eed161" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-202.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-202.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42780", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-42780" }, { "reference_url": "https://github.com/apache/airflow/pull/34355", "reference_id": "34355", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:30:52Z/" } ], "url": "https://github.com/apache/airflow/pull/34355" }, { "reference_url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d", "reference_id": "h5tvsvov8j55wojt5sojdprs05oby34d", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:30:52Z/" } ], "url": "https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74340?format=api", "purl": "pkg:pypi/apache-airflow@2.7.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2" } ], "aliases": [ "BIT-airflow-2023-42780", "CVE-2023-42780", "GHSA-cgx2-rrmr-jx43", "PYSEC-2023-202" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utkw-km71-efgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208292?format=api", "vulnerability_id": "VCID-utwq-nekz-f7de", "summary": "OS Command injection in Apache Airflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24288", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.89825", "scoring_system": "epss", "scoring_elements": "0.99592", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-24288" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml" }, { "reference_url": "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24288", "reference_id": "CVE-2022-24288", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24288" }, { "reference_url": "https://github.com/advisories/GHSA-3v7g-4pg3-7r6j", "reference_id": "GHSA-3v7g-4pg3-7r6j", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3v7g-4pg3-7r6j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19522?format=api", "purl": "pkg:pypi/apache-airflow@2.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8y5v-gc8r-mfds" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4" } ], "aliases": [ "BIT-airflow-2022-24288", "CVE-2022-24288", "GHSA-3v7g-4pg3-7r6j", "PYSEC-2022-30" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-utwq-nekz-f7de" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/208295?format=api", "vulnerability_id": "VCID-uyfw-cw7q-gubj", "summary": "Apache Airflow Cross-site Scripting Vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45229", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02835", "scoring_system": "epss", "scoring_elements": "0.86506", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45229" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml" }, { "reference_url": "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45229", "reference_id": "CVE-2021-45229", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45229" }, { "reference_url": "https://github.com/advisories/GHSA-65xw-pcqw-hjrh", "reference_id": "GHSA-65xw-pcqw-hjrh", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-65xw-pcqw-hjrh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/19523?format=api", "purl": "pkg:pypi/apache-airflow@2.2.4rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4rc1" } ], "aliases": [ "BIT-airflow-2021-45229", "CVE-2021-45229", "GHSA-65xw-pcqw-hjrh", "PYSEC-2022-29" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uyfw-cw7q-gubj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65750?format=api", "vulnerability_id": "VCID-vnaq-tba8-ykag", "summary": "Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16146", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25917" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-13.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-13.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25917", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25917" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/17/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/17/9" }, { "reference_url": "https://github.com/apache/airflow/pull/61641", "reference_id": "61641", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T03:55:40Z/" } ], "url": "https://github.com/apache/airflow/pull/61641" }, { "reference_url": "https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po", "reference_id": "6whgpkqbh12rvpfmvcg8b0vwlv4hq3po", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T03:55:40Z/" } ], "url": "https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po" }, { "reference_url": "https://github.com/advisories/GHSA-6ffj-2wg2-w45j", "reference_id": "GHSA-6ffj-2wg2-w45j", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6ffj-2wg2-w45j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/92193?format=api", "purl": "pkg:pypi/apache-airflow@3.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-7nmp-wvjt-5qcd" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-r4gm-ygr6-4ffs" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-y78u-y824-afc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0" } ], "aliases": [ "BIT-airflow-2026-25917", "CVE-2026-25917", "GHSA-6ffj-2wg2-w45j", "PYSEC-2026-13" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vnaq-tba8-ykag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69884?format=api", "vulnerability_id": "VCID-vxqr-wyq5-6yge", "summary": "A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field names not present in the redaction allowlist (`DEFAULT_SENSITIVE_FIELDS`) — for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connection `extra` blobs and grant Connection-read access to multiple users. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection's `extra` field.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45192", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.1204", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-45192" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/06/01/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "http://www.openwall.com/lists/oss-security/2026/06/01/3" }, { "reference_url": "https://github.com/apache/airflow/pull/66673", "reference_id": "66673", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:52:50Z/" } ], "url": "https://github.com/apache/airflow/pull/66673" }, { "reference_url": "https://lists.apache.org/thread/r2q93dg2wp5h9sd9vh6y4y5ljqd9crdd", "reference_id": "r2q93dg2wp5h9sd9vh6y4y5ljqd9crdd", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:52:50Z/" } ], "url": "https://lists.apache.org/thread/r2q93dg2wp5h9sd9vh6y4y5ljqd9crdd" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/93948?format=api", "purl": "pkg:pypi/apache-airflow@3.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2" } ], "aliases": [ "BIT-airflow-2026-45192", "CVE-2026-45192", "PYSEC-2026-173" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vxqr-wyq5-6yge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/149953?format=api", "vulnerability_id": "VCID-vymx-nqhb-pfht", "summary": "Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40611", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32183", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-40611" }, { "reference_url": "https://github.com/advisories/GHSA-wpg8-mf6h-gm92", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wpg8-mf6h-gm92" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad" }, { "reference_url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40611", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40611" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/11/12/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2023/11/12/1" }, { "reference_url": "https://github.com/apache/airflow/pull/33413", "reference_id": "33413", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/" } ], "url": "https://github.com/apache/airflow/pull/33413" }, { "reference_url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", "reference_id": "8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/" } ], "url": "https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74338?format=api", "purl": "pkg:pypi/apache-airflow@2.7.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-86v6-qrfj-9fdb" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-ahbc-71um-h3g2" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cevw-hkjm-mkc2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1" } ], "aliases": [ "BIT-airflow-2023-40611", "CVE-2023-40611", "GHSA-wpg8-mf6h-gm92", "PYSEC-2023-170" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vymx-nqhb-pfht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211446?format=api", "vulnerability_id": "VCID-wpnx-wvj6-2khc", "summary": "Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41672", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00339", "scoring_system": "epss", "scoring_elements": "0.57056", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41672" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/12bfb571a895a28a58d3189b0fc10cfc1b89e24c", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/12bfb571a895a28a58d3189b0fc10cfc1b89e24c" }, { "reference_url": "https://github.com/apache/airflow/pull/26635", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/pull/26635" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42983.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42983.yaml" }, { "reference_url": "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41672", "reference_id": "CVE-2022-41672", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41672" }, { "reference_url": "https://github.com/advisories/GHSA-3q8r-f3pj-3gc4", "reference_id": "GHSA-3q8r-f3pj-3gc4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3q8r-f3pj-3gc4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27284?format=api", "purl": "pkg:pypi/apache-airflow@2.4.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/27734?format=api", "purl": "pkg:pypi/apache-airflow@2.4.2rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8htr-n7ys-1bbw" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1" } ], "aliases": [ "BIT-airflow-2022-41672", "CVE-2022-41672", "GHSA-3q8r-f3pj-3gc4", "PYSEC-2022-42983" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpnx-wvj6-2khc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/211287?format=api", "vulnerability_id": "VCID-xcmz-3we1-gucg", "summary": "Apache Airflow exposes arbitrary file content", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38170", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.51165", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-38170" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/b6a2cd1aa34f69a36ea127e4f7f5ba87f4aca420", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/b6a2cd1aa34f69a36ea127e4f7f5ba87f4aca420" }, { "reference_url": "https://github.com/apache/airflow/commit/bf01d10cd348e679916034de1befb79ec6e46ff8", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/bf01d10cd348e679916034de1befb79ec6e46ff8" }, { "reference_url": "https://github.com/apache/airflow/commit/c14ea8f0f34944d2ecfa9021d167602e8b2b8b90", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/c14ea8f0f34944d2ecfa9021d167602e8b2b8b90" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-261.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-261.yaml" }, { "reference_url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/02/12", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/12" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/02/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/02/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/09/21/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38170", "reference_id": "CVE-2022-38170", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-38170" }, { "reference_url": "https://github.com/advisories/GHSA-q8h9-pqcx-59hw", "reference_id": "GHSA-q8h9-pqcx-59hw", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q8h9-pqcx-59hw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26111?format=api", "purl": "pkg:pypi/apache-airflow@2.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-b397-bkbt-uyat" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jq9s-gczd-yue3" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-q832-2q3v-dya5" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.4" } ], "aliases": [ "BIT-airflow-2022-38170", "CVE-2022-38170", "GHSA-q8h9-pqcx-59hw", "PYSEC-2022-261" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmz-3we1-gucg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218104?format=api", "vulnerability_id": "VCID-xkmg-g2wz-hfd2", "summary": "The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02459", "scoring_system": "epss", "scoring_elements": "0.85564", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26697" }, { "reference_url": "https://github.com/advisories/GHSA-fh37-cx83-q542", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh37-cx83-q542" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/21cedff205e7d62675949fda2aa4616d77232b76", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/21cedff205e7d62675949fda2aa4616d77232b76" }, { "reference_url": "https://github.com/apache/airflow/commit/24a54242d56058846c7978130b3f37ca045d5142", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/24a54242d56058846c7978130b3f37ca045d5142" }, { "reference_url": "https://github.com/apache/airflow/commit/93957e917ff4cfb0be11aef088bd9527cf728a04", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/93957e917ff4cfb0be11aef088bd9527cf728a04" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-3.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26697", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-26697" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/02/17/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/02/17/2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62487?format=api", "purl": "pkg:pypi/apache-airflow@2.0.1rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/62489?format=api", "purl": "pkg:pypi/apache-airflow@2.0.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1" } ], "aliases": [ "BIT-airflow-2021-26697", "CVE-2021-26697", "GHSA-fh37-cx83-q542", "PYSEC-2021-3" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xkmg-g2wz-hfd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/129148?format=api", "vulnerability_id": "VCID-z7rt-fxe3-3udw", "summary": "Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25693", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03621", "scoring_system": "epss", "scoring_elements": "0.88069", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-25693" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-314.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-314.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25693", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25693" }, { "reference_url": "https://github.com/apache/airflow/pull/29500", "reference_id": "29500", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:26:37Z/" } ], "url": "https://github.com/apache/airflow/pull/29500" }, { "reference_url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4", "reference_id": "79qn8g5xbq036f8crb115obvr22l52q4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:26:37Z/" } ], "url": "https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4" }, { "reference_url": "https://github.com/advisories/GHSA-j69x-v4wc-3fpf", "reference_id": "GHSA-j69x-v4wc-3fpf", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j69x-v4wc-3fpf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/34926?format=api", "purl": "pkg:pypi/apache-airflow@3.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2j7p-89b9-t7e8" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-5r2q-cc18-v7cx" }, { "vulnerability": "VCID-7q3b-su3j-y7b4" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-ap8j-6689-kfgd" }, { "vulnerability": "VCID-bftx-1hw8-z7f1" }, { "vulnerability": "VCID-bkwd-x3qh-57ga" }, { "vulnerability": "VCID-bva2-dpg3-m7hv" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-f41w-9d6d-wbgf" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-srr5-3rxv-rkg8" }, { "vulnerability": "VCID-szqt-j7av-dqde" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-tx59-fvt4-mbfj" }, { "vulnerability": "VCID-typh-t13h-w3g1" }, { "vulnerability": "VCID-u2bm-499h-2qfh" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-xga6-ksvc-9yhf" }, { "vulnerability": "VCID-yvkr-2un4-cyfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1" } ], "aliases": [ "CVE-2023-25693", "GHSA-j69x-v4wc-3fpf", "PYSEC-2023-314" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z7rt-fxe3-3udw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/218377?format=api", "vulnerability_id": "VCID-z9pc-46h3-pff1", "summary": "Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00041", "scoring_system": "epss", "scoring_elements": "0.12971", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-50783" }, { "reference_url": "https://github.com/advisories/GHSA-5938-79hg-xh3q", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5938-79hg-xh3q" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929" }, { "reference_url": "https://github.com/apache/airflow/pull/33932", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/pull/33932" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml" }, { "reference_url": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50783", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50783" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2023/12/21/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2023/12/21/4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/29828?format=api", "purl": "pkg:pypi/apache-airflow@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-619t-7b16-vbax" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-aau9-yvuf-qbcc" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-cjun-ju6c-1fes" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0" } ], "aliases": [ "BIT-airflow-2023-50783", "CVE-2023-50783", "GHSA-5938-79hg-xh3q", "PYSEC-2023-267" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z9pc-46h3-pff1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/108931?format=api", "vulnerability_id": "VCID-za5e-2ed7-zbeb", "summary": "Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\n\n\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf you used Edge Provider in Airflow 3, you are not affected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67895", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.5756", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67895" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2025-87.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2025-87.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/12/16/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/12/16/3" }, { "reference_url": "https://github.com/apache/airflow/pull/59143", "reference_id": "59143", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-17T19:55:27Z/" } ], "url": "https://github.com/apache/airflow/pull/59143" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67895", "reference_id": "CVE-2025-67895", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67895" }, { "reference_url": "https://github.com/advisories/GHSA-66h8-3g48-6hx8", "reference_id": "GHSA-66h8-3g48-6hx8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-66h8-3g48-6hx8" }, { "reference_url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs", "reference_id": "hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-17T19:55:27Z/" } ], "url": "https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/23685?format=api", "purl": "pkg:pypi/apache-airflow@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qcqk-eyx2-6bcg" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0" } ], "aliases": [ "CVE-2025-67895", "GHSA-66h8-3g48-6hx8", "PYSEC-2025-87" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-za5e-2ed7-zbeb" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205058?format=api", "vulnerability_id": "VCID-3dmy-j4pr-3kb6", "summary": "Multiple stored XSS in RBAC Admin screens in Apache Airflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11983", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00411", "scoring_system": "epss", "scoring_elements": "0.61831", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11983" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-17.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-17.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11983", "reference_id": "CVE-2020-11983", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11983" }, { "reference_url": "https://github.com/advisories/GHSA-q4p3-qw5c-mhpc", "reference_id": "GHSA-q4p3-qw5c-mhpc", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q4p3-qw5c-mhpc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16771?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3dmy-j4pr-3kb6" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9fm3-h4pj-6kac" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-ehpn-d1k9-4bak" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hpv8-57c6-2ub6" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jm9x-5mgd-z7ah" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/16769?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9fm3-h4pj-6kac" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "BIT-airflow-2020-11983", "CVE-2020-11983", "GHSA-q4p3-qw5c-mhpc", "PYSEC-2020-17" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3dmy-j4pr-3kb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205059?format=api", "vulnerability_id": "VCID-ehpn-d1k9-4bak", "summary": "Insecure default config of Celery worker in Apache Airflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11982", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05664", "scoring_system": "epss", "scoring_elements": "0.90582", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11982" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/pull/13612", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/pull/13612" }, { "reference_url": "https://github.com/apache/airflow/pull/7205", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/pull/7205" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-16.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-16.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11982", "reference_id": "CVE-2020-11982", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11982" }, { "reference_url": "https://github.com/advisories/GHSA-9g2w-5f3v-mfmm", "reference_id": "GHSA-9g2w-5f3v-mfmm", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9g2w-5f3v-mfmm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16771?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3dmy-j4pr-3kb6" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9fm3-h4pj-6kac" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-ehpn-d1k9-4bak" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hpv8-57c6-2ub6" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jm9x-5mgd-z7ah" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/16769?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9fm3-h4pj-6kac" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "BIT-airflow-2020-11982", "CVE-2020-11982", "GHSA-9g2w-5f3v-mfmm", "PYSEC-2020-16" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehpn-d1k9-4bak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/153601?format=api", "vulnerability_id": "VCID-hpv8-57c6-2ub6", "summary": "The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default", "references": [ { "reference_url": "https://airflow.apache.org/docs/apache-airflow/1.10.11/security.html#api-authentication", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://airflow.apache.org/docs/apache-airflow/1.10.11/security.html#api-authentication" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94104", "scoring_system": "epss", "scoring_elements": "0.99912", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13927" }, { "reference_url": "https://github.com/advisories/GHSA-hhx9-p69v-cx2j", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-hhx9-p69v-cx2j" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/apache/airflow/commit/180bca4f993b7b778a8d2c65d3d357652218922b", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/180bca4f993b7b778a8d2c65d3d357652218922b" }, { "reference_url": "https://github.com/apache/airflow/commit/9e305d6b810a2a21e2591a80a80ec41acb3afed0", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/commit/9e305d6b810a2a21e2591a80a80ec41acb3afed0" }, { "reference_url": "https://github.com/apache/airflow/pull/9611", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/pull/9611" }, { "reference_url": "https://github.com/apache/airflow/pull/9611/commits/c8053e166d45ad519c0a1cd4480e025a759c176e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/airflow/pull/9611/commits/c8053e166d45ad519c0a1cd4480e025a759c176e" }, { "reference_url": "https://github.com/apache/airflow/releases/tag/1.10.11", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow/releases/tag/1.10.11" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-18.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-18.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13927", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13927" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13927", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13927" }, { "reference_url": "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html", "reference_id": "Apache-Airflow-1.10.10-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-24T21:03:08Z/" } ], "url": "http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html", "reference_id": "Apache-Airflow-1.10.10-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-24T21:03:08Z/" } ], "url": "http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html" }, { "reference_url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", "reference_id": "r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-24T21:03:08Z/" } ], "url": "https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16769?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9fm3-h4pj-6kac" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "BIT-airflow-2020-13927", "CVE-2020-13927", "GHSA-hhx9-p69v-cx2j", "PYSEC-2020-18" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hpv8-57c6-2ub6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/205061?format=api", "vulnerability_id": "VCID-jm9x-5mgd-z7ah", "summary": "Stored XSS in Apache Airflow", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9485", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02134", "scoring_system": "epss", "scoring_elements": "0.84557", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9485" }, { "reference_url": "https://github.com/apache/airflow", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/airflow" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-23.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-23.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9485", "reference_id": "CVE-2020-9485", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9485" }, { "reference_url": "https://github.com/advisories/GHSA-j38c-25fj-mr84", "reference_id": "GHSA-j38c-25fj-mr84", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j38c-25fj-mr84" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16771?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3dmy-j4pr-3kb6" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9fm3-h4pj-6kac" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-ehpn-d1k9-4bak" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hpv8-57c6-2ub6" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jm9x-5mgd-z7ah" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1" }, { "url": "http://public2.vulnerablecode.io/api/packages/16769?format=api", "purl": "pkg:pypi/apache-airflow@1.10.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-168u-zs7t-pqdf" }, { "vulnerability": "VCID-1fke-agqs-bkd1" }, { "vulnerability": "VCID-2r7f-dzef-dfcs" }, { "vulnerability": "VCID-2urm-nyak-63ew" }, { "vulnerability": "VCID-2w8y-kxer-s7e2" }, { "vulnerability": "VCID-3ep8-xwyq-q7d9" }, { "vulnerability": "VCID-4e1s-kjwm-4ffg" }, { "vulnerability": "VCID-4n4v-jv1f-1bgk" }, { "vulnerability": "VCID-4q46-3648-ckaq" }, { "vulnerability": "VCID-668v-1v1b-9bf2" }, { "vulnerability": "VCID-6a87-cq75-3ubt" }, { "vulnerability": "VCID-6smg-qne8-hfgj" }, { "vulnerability": "VCID-6vhk-pt43-nqbd" }, { "vulnerability": "VCID-6ywu-aujt-dfbz" }, { "vulnerability": "VCID-7ujj-9jbc-jfes" }, { "vulnerability": "VCID-881f-vbac-rucw" }, { "vulnerability": "VCID-8aa5-hyy9-e3f1" }, { "vulnerability": "VCID-8gmn-hbp1-4kbt" }, { "vulnerability": "VCID-8ze1-k1e3-huhc" }, { "vulnerability": "VCID-9fm3-h4pj-6kac" }, { "vulnerability": "VCID-9y7c-yxq4-f7ha" }, { "vulnerability": "VCID-akt3-fjpx-zbbd" }, { "vulnerability": "VCID-bjtj-v297-cbd7" }, { "vulnerability": "VCID-bw9q-wjgg-vqgs" }, { "vulnerability": "VCID-bwh8-43re-a3b8" }, { "vulnerability": "VCID-c2d5-ha3e-hkcd" }, { "vulnerability": "VCID-c2sx-75mh-afhd" }, { "vulnerability": "VCID-cjdt-c5b2-f7bb" }, { "vulnerability": "VCID-cn8p-pg33-83aa" }, { "vulnerability": "VCID-cnzs-6j9b-cfd2" }, { "vulnerability": "VCID-d6m3-rkux-pfaw" }, { "vulnerability": "VCID-es5x-ee29-6ue8" }, { "vulnerability": "VCID-etdd-wf1g-5yc6" }, { "vulnerability": "VCID-ex63-gwxe-tufh" }, { "vulnerability": "VCID-f5rh-fhtd-wyau" }, { "vulnerability": "VCID-fxxa-6sx4-yfhh" }, { "vulnerability": "VCID-g4qz-drbp-gqdp" }, { "vulnerability": "VCID-g4y4-92yj-r3ct" }, { "vulnerability": "VCID-gbn8-8y8d-gkgw" }, { "vulnerability": "VCID-gdht-hfnv-pqbm" }, { "vulnerability": "VCID-gfcb-gz5n-23fs" }, { "vulnerability": "VCID-h4r7-k7z1-6kgg" }, { "vulnerability": "VCID-he37-337a-r7ex" }, { "vulnerability": "VCID-hwhg-hxp4-qyeb" }, { "vulnerability": "VCID-jqkv-bj6f-mkh8" }, { "vulnerability": "VCID-k32s-e7tk-gfe7" }, { "vulnerability": "VCID-kgwq-4rwr-dybt" }, { "vulnerability": "VCID-kjra-gghm-sqg2" }, { "vulnerability": "VCID-nnbr-jmj5-v3c9" }, { "vulnerability": "VCID-nxm8-uma2-u3ed" }, { "vulnerability": "VCID-nz83-fzzb-5ucs" }, { "vulnerability": "VCID-p92v-jeew-eygn" }, { "vulnerability": "VCID-q4kq-54bn-2yfd" }, { "vulnerability": "VCID-qg14-ym9d-wuea" }, { "vulnerability": "VCID-qrdz-mth2-4kgd" }, { "vulnerability": "VCID-r2bq-ukcr-1fa3" }, { "vulnerability": "VCID-r91g-hqa7-zbep" }, { "vulnerability": "VCID-rnpn-qfdf-87aq" }, { "vulnerability": "VCID-sp29-t2bx-rfcu" }, { "vulnerability": "VCID-sxa8-9f89-bfdv" }, { "vulnerability": "VCID-tbn8-rdjn-nban" }, { "vulnerability": "VCID-tg1w-9bcx-6fg3" }, { "vulnerability": "VCID-ttb5-juj4-uugt" }, { "vulnerability": "VCID-u42p-urfu-83hn" }, { "vulnerability": "VCID-u7j1-ha9q-xkdd" }, { "vulnerability": "VCID-utkw-km71-efgd" }, { "vulnerability": "VCID-utwq-nekz-f7de" }, { "vulnerability": "VCID-uyfw-cw7q-gubj" }, { "vulnerability": "VCID-vnaq-tba8-ykag" }, { "vulnerability": "VCID-vxqr-wyq5-6yge" }, { "vulnerability": "VCID-vymx-nqhb-pfht" }, { "vulnerability": "VCID-wpnx-wvj6-2khc" }, { "vulnerability": "VCID-xcmz-3we1-gucg" }, { "vulnerability": "VCID-xkmg-g2wz-hfd2" }, { "vulnerability": "VCID-z7rt-fxe3-3udw" }, { "vulnerability": "VCID-z9pc-46h3-pff1" }, { "vulnerability": "VCID-za5e-2ed7-zbeb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" } ], "aliases": [ "BIT-airflow-2020-9485", "CVE-2020-9485", "GHSA-j38c-25fj-mr84", "PYSEC-2020-23" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jm9x-5mgd-z7ah" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11" }