| 0 |
| url |
VCID-168u-zs7t-pqdf |
| vulnerability_id |
VCID-168u-zs7t-pqdf |
| summary |
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.
Sensitive information is logged as clear text when the rediss, amqp, or rpc protocols are used as the Celery result backend.
Note: the vulnerability is about the information exposed in the logs, not about accessing the logs.
This issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.
Users are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airflow to version 2.7.0, which fix the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0 |
| purl |
pkg:pypi/apache-airflow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 9 |
| vulnerability |
VCID-86v6-qrfj-9fdb |
|
| 10 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 11 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 12 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 13 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 14 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 15 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 16 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0 |
|
|
| aliases |
CVE-2023-46215, GHSA-666g-rfc5-c9jv
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-168u-zs7t-pqdf |
|
| 1 |
| url |
VCID-1fke-agqs-bkd1 |
| vulnerability_id |
VCID-1fke-agqs-bkd1 |
| summary |
Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.
Users should upgrade to 2.10.0 or later, which fixes this vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/40933 |
| reference_id |
40933 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/40933 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.10.0 |
| purl |
pkg:pypi/apache-airflow@2.10.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 1 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 2 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 3 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 4 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 5 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 6 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 7 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 8 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 9 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 10 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 11 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 12 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 13 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 14 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 15 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 16 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 17 |
| vulnerability |
VCID-u7dn-13j9-jkex |
|
| 18 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 19 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 20 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.0 |
|
|
| aliases |
BIT-airflow-2024-41937, CVE-2024-41937, GHSA-w7cp-g8v7-r54m, PYSEC-2024-181
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1fke-agqs-bkd1 |
|
| 2 |
| url |
VCID-2r7f-dzef-dfcs |
| vulnerability_id |
VCID-2r7f-dzef-dfcs |
| summary |
We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then.
Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.3 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
| reference_id |
1 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
|
| 9 |
| reference_url |
https://github.com/apache/airflow/pull/33413 |
| reference_id |
33413 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33413 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.3 |
| purl |
pkg:pypi/apache-airflow@2.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 2 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 3 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 4 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 5 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 6 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 7 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 8 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 9 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 10 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 11 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 12 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 13 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 14 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 15 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 16 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 17 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 18 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 19 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 20 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 21 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 22 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 23 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 24 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 25 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 26 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 27 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 28 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 29 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 30 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 31 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 32 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3 |
|
|
| aliases |
BIT-airflow-2023-47037, CVE-2023-47037, GHSA-hm9r-7f84-25c9, PYSEC-2023-232
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2r7f-dzef-dfcs |
|
| 3 |
| url |
VCID-2urm-nyak-63ew |
| vulnerability_id |
VCID-2urm-nyak-63ew |
| summary |
Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/apache/airflow/pull/32052 |
| reference_id |
32052 |
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |
|
| 1 |
| value |
7.2 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32052 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0b1 |
| purl |
pkg:pypi/apache-airflow@2.7.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.7.0 |
| purl |
pkg:pypi/apache-airflow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 9 |
| vulnerability |
VCID-86v6-qrfj-9fdb |
|
| 10 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 11 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 12 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 13 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 14 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 15 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 16 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0 |
|
|
| aliases |
BIT-airflow-2023-37379, CVE-2023-37379, GHSA-x2mh-8fmc-rqgh, PYSEC-2023-152
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2urm-nyak-63ew |
|
| 4 |
| url |
VCID-2w8y-kxer-s7e2 |
| vulnerability_id |
VCID-2w8y-kxer-s7e2 |
| summary |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/36257 |
| reference_id |
36257 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/36257 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.8.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 2 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 3 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 4 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 5 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 6 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 7 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 8 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 9 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 10 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 11 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 12 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 13 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 14 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 15 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 16 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 17 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 18 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 19 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 20 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 21 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 22 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 23 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 24 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 25 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 26 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 27 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 28 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 29 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.8.1 |
| purl |
pkg:pypi/apache-airflow@2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 2 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 3 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 4 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 5 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 6 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 7 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 8 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 9 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 10 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 11 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 12 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 13 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 14 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 15 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 16 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 17 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 18 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 19 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 20 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 21 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 22 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 23 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 24 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 25 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 26 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 27 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1 |
|
|
| aliases |
BIT-airflow-2023-50944, CVE-2023-50944, GHSA-vm5m-qmrx-fw8w, PYSEC-2024-14
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-2w8y-kxer-s7e2 |
|
| 5 |
| url |
VCID-3ep8-xwyq-q7d9 |
| vulnerability_id |
VCID-3ep8-xwyq-q7d9 |
| summary |
Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-3ep8-xwyq-q7d9 |
|
| 6 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 7 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 8 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6vhk-pt43-nqbd |
|
| 12 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 13 |
| vulnerability |
VCID-7ujj-9jbc-jfes |
|
| 14 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 15 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 16 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 17 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 18 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 19 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 20 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 21 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 22 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 23 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 24 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 25 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 26 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 27 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 28 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 29 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 30 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 31 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 32 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 33 |
| vulnerability |
VCID-fxxa-6sx4-yfhh |
|
| 34 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 35 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 36 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 37 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 38 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 39 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 40 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 41 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 42 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 43 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 44 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 45 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 46 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 47 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 48 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 49 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 50 |
| vulnerability |
VCID-qcqk-eyx2-6bcg |
|
| 51 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 52 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 53 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 54 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 55 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 56 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 57 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 58 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 59 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 60 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 61 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 62 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 63 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 64 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 65 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 66 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 67 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 68 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 69 |
| vulnerability |
VCID-xkmg-g2wz-hfd2 |
|
| 70 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 71 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.1 |
| purl |
pkg:pypi/apache-airflow@2.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6vhk-pt43-nqbd |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-7ujj-9jbc-jfes |
|
| 13 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 14 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 15 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 19 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 20 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 21 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 22 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 23 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 24 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 25 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 26 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 27 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 28 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 29 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 30 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 31 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 32 |
| vulnerability |
VCID-fxxa-6sx4-yfhh |
|
| 33 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 34 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 35 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 36 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 37 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 38 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 39 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 40 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 41 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 42 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 43 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 44 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 45 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 46 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 47 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 48 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 49 |
| vulnerability |
VCID-qcqk-eyx2-6bcg |
|
| 50 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 51 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 52 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 53 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 54 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 55 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 56 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 57 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 58 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 59 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 60 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 61 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 62 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 63 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 64 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 65 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 66 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 67 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 68 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 69 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1 |
|
|
| aliases |
BIT-airflow-2021-26559, CVE-2021-26559, GHSA-ffw3-6mp6-jmvj, PYSEC-2021-2
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-3ep8-xwyq-q7d9 |
|
| 6 |
| url |
VCID-4e1s-kjwm-4ffg |
| vulnerability_id |
VCID-4e1s-kjwm-4ffg |
| summary |
Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 2 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb |
| reference_id |
17rxys384lzfd6nhm3fztzgvk47zy7jb |
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 3 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/ |
|
|
| url |
https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/43123 |
| reference_id |
43123 |
| reference_type |
|
| scores |
| 0 |
| value |
4.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
2.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
|
| 3 |
| value |
LOW |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/43123 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.10.3 |
| purl |
pkg:pypi/apache-airflow@2.10.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 1 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 2 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 3 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 4 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 5 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 6 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 7 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 8 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 9 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 10 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 11 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 12 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 13 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 14 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 15 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 16 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3 |
|
|
| aliases |
CVE-2024-50378, GHSA-j857-2pwm-jjmm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4e1s-kjwm-4ffg |
|
| 7 |
| url |
VCID-4n4v-jv1f-1bgk |
| vulnerability_id |
VCID-4n4v-jv1f-1bgk |
| summary |
The example example_xcom that was included in the Airflow documentation implemented an unsafe pattern of reading a value
from XCom in a way that could be exploited to allow a UI user who had access to modify XComs to perform arbitrary
execution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability.
It does not affect the Airflow release - example_dags are not supposed to be enabled in a production environment; however,
users following the example could replicate the bad pattern. The documentation of Airflow 3.2.0 contains a version of
the example with improved resilience for that case.
Users who followed that pattern are advised to adjust their implementations accordingly. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.2.0 |
| purl |
pkg:pypi/apache-airflow@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-7nmp-wvjt-5qcd |
|
| 2 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 3 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 4 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 5 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 6 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 7 |
| vulnerability |
VCID-r4gm-ygr6-4ffs |
|
| 8 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 9 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 10 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 11 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 12 |
| vulnerability |
VCID-y78u-y824-afc4 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0 |
|
|
| aliases |
CVE-2025-54550, GHSA-q2hg-643c-gw8h
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4n4v-jv1f-1bgk |
|
| 8 |
| url |
VCID-4q46-3648-ckaq |
| vulnerability_id |
VCID-4q46-3648-ckaq |
| summary |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs to execute arbitrary commands via a manually provided run_id parameter. This issue affects Apache Airflow versions prior to 2.4.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/25960 |
| reference_id |
25960 |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/25960 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.0 |
| purl |
pkg:pypi/apache-airflow@2.4.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 38 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 39 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 40 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 41 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 42 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 43 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 44 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 45 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 46 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 47 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 48 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 49 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 50 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 51 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 52 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 53 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 54 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 55 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 56 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 57 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.0 |
|
|
| aliases |
BIT-airflow-2022-40127, CVE-2022-40127, GHSA-6pw3-8h9w-32gc, PYSEC-2022-42982
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4q46-3648-ckaq |
|
| 9 |
| url |
VCID-668v-1v1b-9bf2 |
| vulnerability_id |
VCID-668v-1v1b-9bf2 |
| summary |
Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow.
Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.
This issue affects Apache Airflow: before 2.9.2.
Users are recommended to upgrade to version 2.9.2, which fixes the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.9.2 |
| purl |
pkg:pypi/apache-airflow@2.9.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 2 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 3 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 4 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 5 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 6 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 7 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 8 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 9 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 10 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 11 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 12 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 13 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 14 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 15 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 16 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 17 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 18 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 19 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 20 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 21 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 22 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2 |
|
|
| aliases |
BIT-airflow-2024-25142, CVE-2024-25142, GHSA-9xpj-62mm-24h2, PYSEC-2024-195
|
| risk_score |
2.5 |
| exploitability |
0.5 |
| weighted_severity |
5.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-668v-1v1b-9bf2 |
|
| 10 |
| url |
VCID-6smg-qne8-hfgj |
| vulnerability_id |
VCID-6smg-qne8-hfgj |
| summary |
Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
This is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2
Users of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.0 |
| purl |
pkg:pypi/apache-airflow@2.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 2 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 3 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 4 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 5 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 6 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 7 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 8 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 9 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 10 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 11 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 12 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 13 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 14 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 15 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 16 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 17 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 18 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 19 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 20 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 21 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 22 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 23 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 24 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 25 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 26 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 27 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 28 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 29 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0 |
|
|
| aliases |
BIT-airflow-2023-48291, CVE-2023-48291, GHSA-8f57-wcmg-4jmh, PYSEC-2023-265
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6smg-qne8-hfgj |
|
| 11 |
| url |
VCID-6vhk-pt43-nqbd |
| vulnerability_id |
VCID-6vhk-pt43-nqbd |
| summary |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-7ujj-9jbc-jfes |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 22 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 23 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 24 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 25 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 26 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 27 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 28 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 29 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 30 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 31 |
| vulnerability |
VCID-fxxa-6sx4-yfhh |
|
| 32 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 33 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 34 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 35 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 36 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 37 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 38 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 39 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 40 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 41 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 42 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 43 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 44 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 45 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 46 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 47 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 48 |
| vulnerability |
VCID-qcqk-eyx2-6bcg |
|
| 49 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 50 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 51 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 52 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 53 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 54 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 55 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 56 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 57 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 58 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 59 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 60 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 61 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 62 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 63 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 64 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 65 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 66 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 67 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 68 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2rc1 |
|
|
| aliases |
BIT-airflow-2020-17515, CVE-2020-17515, GHSA-86vp-x3pr-79rx, PYSEC-2020-21
|
| risk_score |
0.1 |
| exploitability |
0.5 |
| weighted_severity |
0.1 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6vhk-pt43-nqbd |
|
| 12 |
| url |
VCID-6ywu-aujt-dfbz |
| vulnerability_id |
VCID-6ywu-aujt-dfbz |
| summary |
The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).
With this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.
Users of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://www.openwall.com/lists/oss-security/2023/08/23/1 |
| reference_id |
1 |
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/ |
|
|
| url |
https://www.openwall.com/lists/oss-security/2023/08/23/1 |
|
| 8 |
| reference_url |
https://github.com/apache/airflow/pull/33347 |
| reference_id |
33347 |
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33347 |
|
| 9 |
| reference_url |
https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj |
| reference_id |
9rdmv8ln4y4ncbyrlmjrsj903x4l80nj |
| reference_type |
|
| scores |
| 0 |
| value |
8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.0 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
|
| 2 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/ |
|
|
| url |
https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0rc2 |
| purl |
pkg:pypi/apache-airflow@2.7.0rc2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.7.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.7.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-86v6-qrfj-9fdb |
|
| 9 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 10 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 11 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 12 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 13 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 14 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 15 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 18 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 19 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 20 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 21 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 22 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 23 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 24 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 25 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 26 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 27 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 28 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 29 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 30 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 31 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 32 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 33 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 34 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 35 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 36 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 37 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 38 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 39 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 40 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 41 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1 |
|
|
| aliases |
BIT-airflow-2023-40273, CVE-2023-40273, GHSA-pm87-24wq-r8w9, PYSEC-2023-158
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6ywu-aujt-dfbz |
|
| 13 |
| url |
VCID-7ujj-9jbc-jfes |
| vulnerability_id |
VCID-7ujj-9jbc-jfes |
| summary |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-3xxv-p78r-4fc6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-3xxv-p78r-4fc6 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.2 |
| purl |
pkg:pypi/apache-airflow@2.0.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 23 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 24 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 25 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 26 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 27 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 28 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 29 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 30 |
| vulnerability |
VCID-fxxa-6sx4-yfhh |
|
| 31 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 32 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 33 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 34 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 35 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 36 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 37 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 38 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 39 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 40 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 41 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 42 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 43 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 44 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 45 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 46 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 47 |
| vulnerability |
VCID-qcqk-eyx2-6bcg |
|
| 48 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 49 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 50 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 51 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 52 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 53 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 54 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 55 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 56 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 57 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 58 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 59 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 60 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 61 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 62 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 63 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 64 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 65 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 66 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 67 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2 |
|
|
| aliases |
BIT-airflow-2021-28359, CVE-2021-28359, GHSA-3xxv-p78r-4fc6, PYSEC-2021-4
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ujj-9jbc-jfes |
|
| 14 |
| url |
VCID-881f-vbac-rucw |
| vulnerability_id |
VCID-881f-vbac-rucw |
| summary |
When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG.
The issue has been fixed in Airflow 3.1.4 and 2.11.1, and users are strongly advised to upgrade to prevent potential disclosure of sensitive information. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.11.1 |
| purl |
pkg:pypi/apache-airflow@2.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 1 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 2 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 3 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 4 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 5 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 6 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 7 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 8 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 9 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 10 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 11 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 12 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@3.1.5rc1 |
| purl |
pkg:pypi/apache-airflow@3.1.5rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 2 |
| vulnerability |
VCID-5r2q-cc18-v7cx |
|
| 3 |
| vulnerability |
VCID-7q3b-su3j-y7b4 |
|
| 4 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 5 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 6 |
| vulnerability |
VCID-ap8j-6689-kfgd |
|
| 7 |
| vulnerability |
VCID-bftx-1hw8-z7f1 |
|
| 8 |
| vulnerability |
VCID-bkwd-x3qh-57ga |
|
| 9 |
| vulnerability |
VCID-bva2-dpg3-m7hv |
|
| 10 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 11 |
| vulnerability |
VCID-f41w-9d6d-wbgf |
|
| 12 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 13 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 14 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 15 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 16 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 17 |
| vulnerability |
VCID-srr5-3rxv-rkg8 |
|
| 18 |
| vulnerability |
VCID-szqt-j7av-dqde |
|
| 19 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 20 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 21 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 22 |
| vulnerability |
VCID-typh-t13h-w3g1 |
|
| 23 |
| vulnerability |
VCID-u2bm-499h-2qfh |
|
| 24 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 25 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 26 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 27 |
| vulnerability |
VCID-yvkr-2un4-cyfg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.5rc1 |
|
|
| aliases |
CVE-2025-65995, GHSA-gfw7-2v73-69wg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-881f-vbac-rucw |
|
| 15 |
| url |
VCID-8aa5-hyy9-e3f1 |
| vulnerability_id |
VCID-8aa5-hyy9-e3f1 |
| summary |
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2026-48726, CVE-2026-48726, PYSEC-2026-187
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8aa5-hyy9-e3f1 |
|
| 16 |
| url |
VCID-8gmn-hbp1-4kbt |
| vulnerability_id |
VCID-8gmn-hbp1-4kbt |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/apache/airflow/pull/32014 |
| reference_id |
32014 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32014 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-35908, CVE-2023-35908, GHSA-2h84-3crq-vgfj, PYSEC-2023-119
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8gmn-hbp1-4kbt |
|
| 17 |
| url |
VCID-8ze1-k1e3-huhc |
| vulnerability_id |
VCID-8ze1-k1e3-huhc |
| summary |
A DAG Author (who already has quite a lot of permissions) could manipulate the database of Airflow 2 in a way that executes arbitrary code in the web-server context, which they should normally not be able to do, potentially leading to remote code execution in the context of the web-server (server-side) as a result of a user viewing historical task information.
The functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.11.1 |
| purl |
pkg:pypi/apache-airflow@2.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 1 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 2 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 3 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 4 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 5 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 6 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 7 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 8 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 9 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 10 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 11 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 12 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1 |
|
|
| aliases |
CVE-2024-56373, GHSA-r837-hpv7-pc2f
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8ze1-k1e3-huhc |
|
| 18 |
| url |
VCID-9y7c-yxq4-f7ha |
| vulnerability_id |
VCID-9y7c-yxq4-f7ha |
| summary |
A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airflow stringified the structure before redaction, losing the nested key context, and persisted the plaintext value into `rendered_fields`. An authenticated UI/API user with permission to read rendered template fields could harvest secret values intended to be masked. Affects deployments where Dag authors pass structured JSON to operators with nested sensitive keys. This is a variant of `CWE-200` previously addressed for the user-registered `mask_secret()` patterns in CVE-2025-68438; that fix did not cover the nested sensitive-keyword allowlist. Users who already upgraded for CVE-2025-68438 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the nested-key path. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2026-42360, CVE-2026-42360, PYSEC-2026-172
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9y7c-yxq4-f7ha |
|
| 19 |
| url |
VCID-akt3-fjpx-zbbd |
| vulnerability_id |
VCID-akt3-fjpx-zbbd |
| summary |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbitrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Hive Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Hive Provider version 4.1.0 in order to get rid of the vulnerability on top of an Airflow 2.3.0+ version that has a lower version of the Hive Provider installed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8y5v-gc8r-mfds |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-b397-bkbt-uyat |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 24 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 25 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 26 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 27 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 28 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 29 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 30 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 31 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 32 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 33 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 34 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 35 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 36 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 37 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 38 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 39 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 40 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 41 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 42 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 43 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 44 |
| vulnerability |
VCID-q832-2q3v-dya5 |
|
| 45 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 46 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 47 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 48 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 49 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 50 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 51 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 52 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 53 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 54 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 55 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 56 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 57 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 58 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 59 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 60 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 61 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 62 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-41131, GHSA-cm43-f2pv-6v68
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-akt3-fjpx-zbbd |
|
| 20 |
| url |
VCID-bjtj-v297-cbd7 |
| vulnerability_id |
VCID-bjtj-v297-cbd7 |
| summary |
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.10.3 |
| purl |
pkg:pypi/apache-airflow@2.10.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 1 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 2 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 3 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 4 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 5 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 6 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 7 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 8 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 9 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 10 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 11 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 12 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 13 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 14 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 15 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 16 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3 |
|
|
| aliases |
BIT-airflow-2024-45784, CVE-2024-45784, GHSA-46c3-5xc5-wwhv, PYSEC-2024-182
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bjtj-v297-cbd7 |
|
| 21 |
| url |
VCID-bw9q-wjgg-vqgs |
| vulnerability_id |
VCID-bw9q-wjgg-vqgs |
| summary |
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.
The default SSL context with SSL library did not check a server's X.509 certificate. Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.
Users are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.0 |
| purl |
pkg:pypi/apache-airflow@2.7.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 9 |
| vulnerability |
VCID-86v6-qrfj-9fdb |
|
| 10 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 11 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 12 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 13 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 14 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 15 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 16 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0 |
|
|
| aliases |
CVE-2023-39441, GHSA-5f35-pq34-c87q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bw9q-wjgg-vqgs |
|
| 22 |
| url |
VCID-bwh8-43re-a3b8 |
| vulnerability_id |
VCID-bwh8-43re-a3b8 |
| summary |
Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/40475 |
| reference_id |
40475 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/40475 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3 |
| reference_id |
gxkvs279f1mbvckv5q65worr6how20o3 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 2 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 4 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/ |
|
|
| url |
https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.9.3 |
| purl |
pkg:pypi/apache-airflow@2.9.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 2 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 3 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 4 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 5 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 6 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 7 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 8 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 9 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 10 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 11 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 12 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 13 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 14 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 15 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 16 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 17 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 18 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 19 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 20 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3 |
|
|
| aliases |
BIT-airflow-2024-39863, CVE-2024-39863, GHSA-j482-47xf-p25c, PYSEC-2024-189
|
| risk_score |
3.6 |
| exploitability |
0.5 |
| weighted_severity |
7.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-bwh8-43re-a3b8 |
|
| 23 |
| url |
VCID-c2d5-ha3e-hkcd |
| vulnerability_id |
VCID-c2d5-ha3e-hkcd |
| summary |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8y5v-gc8r-mfds |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-b397-bkbt-uyat |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 24 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 25 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 26 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 27 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 28 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 29 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 30 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 31 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 32 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 33 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 34 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 35 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 36 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 37 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 38 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 39 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 40 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 41 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 42 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 43 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 44 |
| vulnerability |
VCID-q832-2q3v-dya5 |
|
| 45 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 46 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 47 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 48 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 49 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 50 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 51 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 52 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 53 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 54 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 55 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 56 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 57 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 58 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 59 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 60 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 61 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 62 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-38649, GHSA-7wqf-h36w-47mc
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c2d5-ha3e-hkcd |
|
| 24 |
| url |
VCID-c2sx-75mh-afhd |
| vulnerability_id |
VCID-c2sx-75mh-afhd |
| summary |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.
Apache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.
This issue affects Apache Airflow Drill Provider: before 2.4.3.
It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/apache/airflow/pull/33074 |
| reference_id |
33074 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33074 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.3 |
| purl |
pkg:pypi/apache-airflow@2.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 21 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 22 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 23 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 24 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 25 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 26 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 27 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 28 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 32 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 33 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 34 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 35 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 36 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 37 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 38 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 39 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 40 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 41 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 42 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 43 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 44 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 45 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 46 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 47 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 48 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 49 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 50 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 51 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 52 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3 |
|
|
| aliases |
CVE-2023-39553, GHSA-mq4v-6vg4-796c, PYSEC-2023-136
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-c2sx-75mh-afhd |
|
| 25 |
| url |
VCID-cjdt-c5b2-f7bb |
| vulnerability_id |
VCID-cjdt-c5b2-f7bb |
| summary |
Improper Privilege Management in apache-airflow |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.2.0 |
| purl |
pkg:pypi/apache-airflow@2.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 24 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 25 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 26 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 27 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 28 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 29 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 30 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 31 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 32 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 33 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 34 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 35 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 36 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 37 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 38 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 39 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 40 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 41 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 42 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 43 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 44 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 45 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 46 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 47 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 48 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 49 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 50 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 51 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 52 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 53 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 54 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 55 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 56 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 57 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 58 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 59 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 60 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 61 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 62 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 63 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 64 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.0 |
|
|
| aliases |
BIT-airflow-2021-45230, CVE-2021-45230, GHSA-4jh2-3c85-q67h, PYSEC-2022-11
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cjdt-c5b2-f7bb |
|
| 26 |
| url |
VCID-cn8p-pg33-83aa |
| vulnerability_id |
VCID-cn8p-pg33-83aa |
| summary |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider. This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.5.1 |
| purl |
pkg:pypi/apache-airflow@2.5.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 22 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 23 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 24 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 25 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 26 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 27 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 28 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 32 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 33 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 34 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 35 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 36 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 37 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 38 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 39 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 40 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 41 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 42 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 43 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 44 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 45 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 46 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 47 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 48 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 49 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 50 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 51 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 52 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.1 |
|
|
| aliases |
CVE-2023-22884, GHSA-c732-xvv8-g94c
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cn8p-pg33-83aa |
|
| 27 |
| url |
VCID-cnzs-6j9b-cfd2 |
| vulnerability_id |
VCID-cnzs-6j9b-cfd2 |
| summary |
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/22754 |
| reference_id |
22754 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/22754 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.1 |
| purl |
pkg:pypi/apache-airflow@2.3.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8y5v-gc8r-mfds |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-b397-bkbt-uyat |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 24 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 25 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 26 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 27 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 28 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 29 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 30 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 31 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 32 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 33 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 34 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 35 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 36 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 37 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 38 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 39 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 40 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 41 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 42 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 43 |
| vulnerability |
VCID-q832-2q3v-dya5 |
|
| 44 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 45 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 46 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 47 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 48 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 49 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 50 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 51 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 52 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 53 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 54 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 55 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 56 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 57 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 58 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 59 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 60 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 61 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.1 |
|
|
| aliases |
BIT-airflow-2022-27949, CVE-2022-27949, GHSA-fvw2-2pf7-77vw, PYSEC-2022-42981
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cnzs-6j9b-cfd2 |
|
| 28 |
| url |
VCID-d6m3-rkux-pfaw |
| vulnerability_id |
VCID-d6m3-rkux-pfaw |
| summary |
Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.
Users of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 9 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 10 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 11 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 12 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 13 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 14 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 15 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 16 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 17 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 18 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 19 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 20 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 21 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 22 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 23 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 24 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 25 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 26 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 27 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 28 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 29 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 30 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 31 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 32 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 33 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 34 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
BIT-airflow-2023-42792, CVE-2023-42792, GHSA-j3w8-2p2h-mrr9, PYSEC-2023-203
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-d6m3-rkux-pfaw |
|
| 29 |
| url |
VCID-es5x-ee29-6ue8 |
| vulnerability_id |
VCID-es5x-ee29-6ue8 |
| summary |
The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope. Because HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to a task, the leak widens visibility of DAG-run data beyond the intended per-DAG RBAC boundary for every authenticated user.
Users are recommended to upgrade to version 3.2.1, which fixes this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-38743, GHSA-p3v3-229h-mc63
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-es5x-ee29-6ue8 |
|
| 30 |
| url |
VCID-etdd-wf1g-5yc6 |
| vulnerability_id |
VCID-etdd-wf1g-5yc6 |
| summary |
Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author.
Users are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/41672 |
| reference_id |
41672 |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/41672 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.10.1 |
| purl |
pkg:pypi/apache-airflow@2.10.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 1 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 2 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 3 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 4 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 5 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 6 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 7 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 8 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 9 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 10 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 11 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 12 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 13 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 14 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 15 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 16 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 17 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 18 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.1 |
|
|
| aliases |
BIT-airflow-2024-45034, CVE-2024-45034, GHSA-92xg-gmrq-5c3w, PYSEC-2024-212
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-etdd-wf1g-5yc6 |
|
| 31 |
| url |
VCID-ex63-gwxe-tufh |
| vulnerability_id |
VCID-ex63-gwxe-tufh |
| summary |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8y5v-gc8r-mfds |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-b397-bkbt-uyat |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 24 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 25 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 26 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 27 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 28 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 29 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 30 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 31 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 32 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 33 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 34 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 35 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 36 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 37 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 38 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 39 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 40 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 41 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 42 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 43 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 44 |
| vulnerability |
VCID-q832-2q3v-dya5 |
|
| 45 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 46 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 47 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 48 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 49 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 50 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 51 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 52 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 53 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 54 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 55 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 56 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 57 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 58 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 59 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 60 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 61 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 62 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-40189, GHSA-rmf2-pwfq-h75j
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ex63-gwxe-tufh |
|
| 32 |
| url |
VCID-f5rh-fhtd-wyau |
| vulnerability_id |
VCID-f5rh-fhtd-wyau |
| summary |
A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2026-40861, CVE-2026-40861, PYSEC-2026-181
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-f5rh-fhtd-wyau |
|
| 33 |
| url |
VCID-fxxa-6sx4-yfhh |
| vulnerability_id |
VCID-fxxa-6sx4-yfhh |
| summary |
If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-m6h2-jx9v-58w6 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-m6h2-jx9v-58w6 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.1.2 |
| purl |
pkg:pypi/apache-airflow@2.1.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 23 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 24 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 25 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 26 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 27 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 28 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 29 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 30 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 31 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 32 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 33 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 34 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 35 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 36 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 37 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 38 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 39 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 40 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 41 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 42 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 43 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 44 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 45 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 46 |
| vulnerability |
VCID-qcqk-eyx2-6bcg |
|
| 47 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 48 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 49 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 50 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 51 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 52 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 53 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 54 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 55 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 56 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 57 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 58 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 59 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 60 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 61 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 62 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 63 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 64 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 65 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 66 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.2 |
|
|
| aliases |
BIT-airflow-2021-35936, CVE-2021-35936, GHSA-m6h2-jx9v-58w6, PYSEC-2021-122
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-fxxa-6sx4-yfhh |
|
| 34 |
| url |
VCID-g4qz-drbp-gqdp |
| vulnerability_id |
VCID-g4qz-drbp-gqdp |
| summary |
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/36255 |
| reference_id |
36255 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/36255 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.8.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 2 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 3 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 4 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 5 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 6 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 7 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 8 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 9 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 10 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 11 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 12 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 13 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 14 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 15 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 16 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 17 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 18 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 19 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 20 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 21 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 22 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 23 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 24 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 25 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 26 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 27 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 28 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 29 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.8.1 |
| purl |
pkg:pypi/apache-airflow@2.8.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 2 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 3 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 4 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 5 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 6 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 7 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 8 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 9 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 10 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 11 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 12 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 13 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 14 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 15 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 16 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 17 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 18 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 19 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 20 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 21 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 22 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 23 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 24 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 25 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 26 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 27 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1 |
|
|
| aliases |
BIT-airflow-2023-50943, CVE-2023-50943, GHSA-c3c6-f2ww-xfr2, PYSEC-2024-13
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g4qz-drbp-gqdp |
|
| 35 |
| url |
VCID-g4y4-92yj-r3ct |
| vulnerability_id |
VCID-g4y4-92yj-r3ct |
| summary |
Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/apache/airflow/pull/32060 |
| reference_id |
32060 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32060 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-36543, CVE-2023-36543, GHSA-3h4m-m55v-gx4m, PYSEC-2023-106
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g4y4-92yj-r3ct |
|
| 36 |
| url |
VCID-gbn8-8y8d-gkgw |
| vulnerability_id |
VCID-gbn8-8y8d-gkgw |
| summary |
Apache Airflow versions 3.0.0 - 3.1.7 have a vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to.
Users are advised to upgrade to 3.1.7 or later, which resolves this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.7 |
| purl |
pkg:pypi/apache-airflow@3.1.7 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 2 |
| vulnerability |
VCID-5r2q-cc18-v7cx |
|
| 3 |
| vulnerability |
VCID-7q3b-su3j-y7b4 |
|
| 4 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 5 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 6 |
| vulnerability |
VCID-ap8j-6689-kfgd |
|
| 7 |
| vulnerability |
VCID-bkwd-x3qh-57ga |
|
| 8 |
| vulnerability |
VCID-bva2-dpg3-m7hv |
|
| 9 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 10 |
| vulnerability |
VCID-f41w-9d6d-wbgf |
|
| 11 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 12 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 13 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 14 |
| vulnerability |
VCID-szqt-j7av-dqde |
|
| 15 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 16 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 17 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 18 |
| vulnerability |
VCID-typh-t13h-w3g1 |
|
| 19 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 20 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 21 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 22 |
| vulnerability |
VCID-yvkr-2un4-cyfg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.7 |
|
|
| aliases |
BIT-airflow-2026-24098, CVE-2026-24098, GHSA-5g2w-9f8g-g5q7, PYSEC-2026-12
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gbn8-8y8d-gkgw |
|
| 37 |
| url |
VCID-gdht-hfnv-pqbm |
| vulnerability_id |
VCID-gdht-hfnv-pqbm |
| summary |
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
http://www.openwall.com/lists/oss-security/2023/05/08/2 |
| reference_id |
2 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2023/05/08/2 |
|
| 9 |
| reference_url |
https://github.com/apache/airflow/pull/29506 |
| reference_id |
29506 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/29506 |
|
| 10 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0b1 |
| purl |
pkg:pypi/apache-airflow@2.6.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 22 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 23 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 24 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 25 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 26 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 27 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 28 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 32 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 33 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 34 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 35 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 36 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 37 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 38 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 39 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 40 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 41 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 42 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 43 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 44 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 45 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 46 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 47 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 48 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 49 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 50 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 51 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 32 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 33 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 34 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 35 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 36 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 37 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 38 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 39 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 40 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 41 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 42 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 43 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 44 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 45 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 46 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 47 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 48 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 49 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
BIT-airflow-2023-25754, CVE-2023-25754, GHSA-jchm-fm4q-c2fp, PYSEC-2023-59
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gdht-hfnv-pqbm |
|
| 38 |
| url |
VCID-gfcb-gz5n-23fs |
| vulnerability_id |
VCID-gfcb-gz5n-23fs |
| summary |
Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider. This issue affects Apache Airflow Drill Provider: before 2.3.2. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/apache/airflow/pull/30215 |
| reference_id |
30215 |
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/30215 |
|
| 8 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.2 |
| purl |
pkg:pypi/apache-airflow@2.3.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8y5v-gc8r-mfds |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-b397-bkbt-uyat |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 24 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 25 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 26 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 27 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 28 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 29 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 30 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 31 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 32 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 33 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 34 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 35 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 36 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 37 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 38 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 39 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 40 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 41 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 42 |
| vulnerability |
VCID-q832-2q3v-dya5 |
|
| 43 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 44 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 45 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 46 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 47 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 48 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 49 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 50 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 51 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 52 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 53 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 54 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 55 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 56 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 57 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 58 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 59 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 60 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.2 |
|
|
| aliases |
CVE-2023-28707, GHSA-85pf-r4c7-3j9r, PYSEC-2023-3
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-gfcb-gz5n-23fs |
|
| 39 |
| url |
VCID-h4r7-k7z1-6kgg |
| vulnerability_id |
VCID-h4r7-k7z1-6kgg |
| summary |
Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2026-45360, CVE-2026-45360, PYSEC-2026-186
|
| risk_score |
3.3 |
| exploitability |
0.5 |
| weighted_severity |
6.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-h4r7-k7z1-6kgg |
|
| 40 |
| url |
VCID-he37-337a-r7ex |
| vulnerability_id |
VCID-he37-337a-r7ex |
| summary |
Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 9 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 10 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 11 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 12 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 13 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 14 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 15 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 16 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 17 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 18 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 19 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 20 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 21 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 22 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 23 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 24 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 25 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 26 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 27 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 28 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 29 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 30 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 31 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 32 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 33 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 34 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
BIT-airflow-2023-42663, CVE-2023-42663, GHSA-32wr-qqw6-5mfp, PYSEC-2023-197
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-he37-337a-r7ex |
|
| 41 |
| url |
VCID-hwhg-hxp4-qyeb |
| vulnerability_id |
VCID-hwhg-hxp4-qyeb |
| summary |
Task instance details page in the UI is vulnerable to a stored XSS. This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/apache/airflow/pull/30447 |
| reference_id |
30447 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/30447 |
|
| 8 |
| reference_url |
https://github.com/apache/airflow/pull/30779 |
| reference_id |
30779 |
| reference_type |
|
| scores |
| 0 |
| value |
5.4 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/30779 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 32 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 33 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 34 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 35 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 36 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 37 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 38 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 39 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 40 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 41 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 42 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 43 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 44 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 45 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 46 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 47 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 48 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 49 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
BIT-airflow-2023-29247, CVE-2023-29247, GHSA-vcf6-3wv2-5vcr, PYSEC-2023-60
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-hwhg-hxp4-qyeb |
|
| 42 |
| url |
VCID-k32s-e7tk-gfe7 |
| vulnerability_id |
VCID-k32s-e7tk-gfe7 |
| summary |
Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. This is a different issue than CVE-2023-42663 but leads to a similar outcome.
Users of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/apache/airflow/pull/34939 |
| reference_id |
34939 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/34939 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.3 |
| purl |
pkg:pypi/apache-airflow@2.7.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 2 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 3 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 4 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 5 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 6 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 7 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 8 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 9 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 10 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 11 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 12 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 13 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 14 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 15 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 16 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 17 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 18 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 19 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 20 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 21 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 22 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 23 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 24 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 25 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 26 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 27 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 28 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 29 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 30 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 31 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 32 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3 |
|
|
| aliases |
BIT-airflow-2023-42781, CVE-2023-42781, GHSA-r7x6-xfcm-3mxv, PYSEC-2023-231
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-k32s-e7tk-gfe7 |
|
| 43 |
| url |
VCID-kgwq-4rwr-dybt |
| vulnerability_id |
VCID-kgwq-4rwr-dybt |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/apache/airflow/pull/32293 |
| reference_id |
32293 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32293 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-22887, CVE-2023-22887, GHSA-ggwr-4vr8-g7wv, PYSEC-2023-104
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kgwq-4rwr-dybt |
|
| 44 |
| url |
VCID-kjra-gghm-sqg2 |
| vulnerability_id |
VCID-kjra-gghm-sqg2 |
| summary |
Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378 |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.11.1 |
| purl |
pkg:pypi/apache-airflow@2.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 1 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 2 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 3 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 4 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 5 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 6 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 7 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 8 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 9 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 10 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 11 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 12 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1 |
|
|
| aliases |
CVE-2025-27555, GHSA-8r55-rv5w-6pfm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-kjra-gghm-sqg2 |
|
| 45 |
| url |
VCID-nnbr-jmj5-v3c9 |
| vulnerability_id |
VCID-nnbr-jmj5-v3c9 |
| summary |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbitrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install Spark Provider version 4.0.0 to get rid of the vulnerability on an Airflow 2.3.0+ installation that has a lower version of the Spark Provider installed. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.0 |
| purl |
pkg:pypi/apache-airflow@2.3.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8y5v-gc8r-mfds |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-b397-bkbt-uyat |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 24 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 25 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 26 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 27 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 28 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 29 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 30 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 31 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 32 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 33 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 34 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 35 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 36 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 37 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 38 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 39 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 40 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 41 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 42 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 43 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 44 |
| vulnerability |
VCID-q832-2q3v-dya5 |
|
| 45 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 46 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 47 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 48 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 49 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 50 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 51 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 52 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 53 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 54 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 55 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 56 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 57 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 58 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 59 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 60 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 61 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 62 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0 |
|
|
| aliases |
CVE-2022-40954, GHSA-45r6-j3cc-6mxx
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nnbr-jmj5-v3c9 |
|
| 46 |
| url |
VCID-nxm8-uma2-u3ed |
| vulnerability_id |
VCID-nxm8-uma2-u3ed |
| summary |
In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/27143 |
| reference_id |
27143 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:27:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/27143 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 38 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 39 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 40 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 41 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 42 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 43 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 44 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 45 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 46 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 47 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 48 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 49 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 50 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 51 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 52 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 53 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 54 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 55 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 56 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2 |
| purl |
pkg:pypi/apache-airflow@2.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 38 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 39 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 40 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 41 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 42 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 43 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 44 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 45 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 46 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 47 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 48 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 49 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 50 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 51 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 52 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 53 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 54 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2 |
|
|
| aliases |
BIT-airflow-2022-43982, CVE-2022-43982, GHSA-h63r-9xxf-f2c7, PYSEC-2022-42970
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nxm8-uma2-u3ed |
|
| 47 |
| url |
VCID-nz83-fzzb-5ucs |
| vulnerability_id |
VCID-nz83-fzzb-5ucs |
| summary |
The `access_key` and `connection_string` connection properties were not marked as sensitive names in the secrets masker. This means that a user with read permission could see the values in the Connection UI, and when a Connection was accidentally logged, those values could be seen in the logs. Azure Service Bus used those properties to store sensitive values. Other providers could possibly also be affected if they used the same fields to store sensitive data.
If you used an Azure Service Bus connection with those values set, or if you have other connections with those fields storing sensitive values, you should upgrade Airflow to 3.1.8. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.8 |
| purl |
pkg:pypi/apache-airflow@3.1.8 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 2 |
| vulnerability |
VCID-5r2q-cc18-v7cx |
|
| 3 |
| vulnerability |
VCID-6vv8-kr7f-mubf |
|
| 4 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 5 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 6 |
| vulnerability |
VCID-ap8j-6689-kfgd |
|
| 7 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 8 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 9 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 10 |
| vulnerability |
VCID-szqt-j7av-dqde |
|
| 11 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 12 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 13 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 14 |
| vulnerability |
VCID-typh-t13h-w3g1 |
|
| 15 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 16 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 17 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 18 |
| vulnerability |
VCID-yvkr-2un4-cyfg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8 |
|
|
| aliases |
CVE-2026-25219, GHSA-4g48-54q2-fg7q
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-nz83-fzzb-5ucs |
|
| 48 |
| url |
VCID-p92v-jeew-eygn |
| vulnerability_id |
VCID-p92v-jeew-eygn |
| summary |
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/apache/airflow/pull/29501 |
| reference_id |
29501 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:29:36Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/29501 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.5.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.5.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 22 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 23 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 24 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 25 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 26 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 27 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 28 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 32 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 33 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 34 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 35 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 36 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 37 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 38 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 39 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 40 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 41 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 42 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 43 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 44 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 45 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 46 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 47 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 48 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 49 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 50 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 51 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 52 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.5.2 |
| purl |
pkg:pypi/apache-airflow@2.5.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 22 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 23 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 24 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 25 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 26 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 27 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 28 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 32 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 33 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 34 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 35 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 36 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 37 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 38 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 39 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 40 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 41 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 42 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 43 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 44 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 45 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 46 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 47 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 48 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 49 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 50 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 51 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2 |
|
|
| aliases |
BIT-airflow-2023-25695, CVE-2023-25695, GHSA-h6g5-wqqr-3mw3, PYSEC-2023-2
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-p92v-jeew-eygn |
|
| 49 |
| url |
VCID-q4kq-54bn-2yfd |
| vulnerability_id |
VCID-q4kq-54bn-2yfd |
| summary |
In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
| reference_url |
https://github.com/apache/airflow/pull/27143 |
| reference_id |
27143 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:26:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/27143 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 38 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 39 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 40 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 41 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 42 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 43 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 44 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 45 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 46 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 47 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 48 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 49 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 50 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 51 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 52 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 53 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 54 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 55 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 56 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2 |
| purl |
pkg:pypi/apache-airflow@2.4.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 38 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 39 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 40 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 41 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 42 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 43 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 44 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 45 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 46 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 47 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 48 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 49 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 50 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 51 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 52 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 53 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 54 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2 |
|
|
| aliases |
BIT-airflow-2022-43985, CVE-2022-43985, GHSA-f9fq-78ch-4wmj, PYSEC-2022-42971
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-q4kq-54bn-2yfd |
|
| 50 |
| url |
VCID-qcqk-eyx2-6bcg |
| vulnerability_id |
VCID-qcqk-eyx2-6bcg |
| summary |
Missing Authentication for Critical Function in Apache Airflow |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/advisories/GHSA-h88f-r7cw-8fv3 |
| reference_id |
GHSA-h88f-r7cw-8fv3 |
| reference_type |
|
| scores |
| 0 |
| value |
9.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
CRITICAL |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
9.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
CRITICAL |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-h88f-r7cw-8fv3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.1.3 |
| purl |
pkg:pypi/apache-airflow@2.1.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 23 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 24 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 25 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 26 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 27 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 28 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 29 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 30 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 31 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 32 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 33 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 34 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 35 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 36 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 37 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 38 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 39 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 40 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 41 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 42 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 43 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 44 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 45 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 46 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 47 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 48 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 49 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 50 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 51 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 52 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 53 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 54 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 55 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 56 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 57 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 58 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 59 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 60 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 61 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 62 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 63 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 64 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 65 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.3 |
|
|
| aliases |
BIT-airflow-2021-38540, CVE-2021-38540, GHSA-h88f-r7cw-8fv3, PYSEC-2021-326
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qcqk-eyx2-6bcg |
|
| 51 |
| url |
VCID-qg14-ym9d-wuea |
| vulnerability_id |
VCID-qg14-ym9d-wuea |
| summary |
In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.3 |
| purl |
pkg:pypi/apache-airflow@2.4.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 21 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 22 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 23 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 24 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 25 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 26 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 27 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 28 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 32 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 33 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 34 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 35 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 36 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 37 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 38 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 39 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 40 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 41 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 42 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 43 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 44 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 45 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 46 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 47 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 48 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 49 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 50 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 51 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 52 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3 |
|
|
| aliases |
BIT-airflow-2022-45402, CVE-2022-45402, GHSA-rg94-84xj-7gq3, PYSEC-2022-42984
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-qg14-ym9d-wuea |
|
| 52 |
| url |
VCID-r2bq-ukcr-1fa3 |
| vulnerability_id |
VCID-r2bq-ukcr-1fa3 |
| summary |
In Apache Airflow versions before 3.1.6 and 2.11.1, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2, which fixes this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.11.1 |
| purl |
pkg:pypi/apache-airflow@2.11.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 1 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 2 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 3 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 4 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 5 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 6 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 7 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 8 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 9 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 10 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 11 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 12 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@3.1.6 |
| purl |
pkg:pypi/apache-airflow@3.1.6 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 2 |
| vulnerability |
VCID-5r2q-cc18-v7cx |
|
| 3 |
| vulnerability |
VCID-7q3b-su3j-y7b4 |
|
| 4 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 5 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 6 |
| vulnerability |
VCID-ap8j-6689-kfgd |
|
| 7 |
| vulnerability |
VCID-bkwd-x3qh-57ga |
|
| 8 |
| vulnerability |
VCID-bva2-dpg3-m7hv |
|
| 9 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 10 |
| vulnerability |
VCID-f41w-9d6d-wbgf |
|
| 11 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 12 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 13 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 14 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 15 |
| vulnerability |
VCID-srr5-3rxv-rkg8 |
|
| 16 |
| vulnerability |
VCID-szqt-j7av-dqde |
|
| 17 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 18 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 19 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 20 |
| vulnerability |
VCID-typh-t13h-w3g1 |
|
| 21 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 22 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 23 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 24 |
| vulnerability |
VCID-yvkr-2un4-cyfg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6 |
|
|
| aliases |
BIT-airflow-2025-68675, CVE-2025-68675, GHSA-7c2f-r6gc-h92h, PYSEC-2026-10
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r2bq-ukcr-1fa3 |
|
| 53 |
| url |
VCID-r91g-hqa7-zbep |
| vulnerability_id |
VCID-r91g-hqa7-zbep |
| summary |
Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limits on the user's access to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0.
This issue affects Apache Airflow: before 2.6.0. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/apache/airflow/pull/29706 |
| reference_id |
29706 |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/29706 |
|
| 7 |
| reference_url |
http://seclists.org/fulldisclosure/2023/Jul/43 |
| reference_id |
43 |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/ |
|
|
| url |
http://seclists.org/fulldisclosure/2023/Jul/43 |
|
| 8 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.0b1 |
| purl |
pkg:pypi/apache-airflow@2.6.0b1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 22 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 23 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 24 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 25 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 26 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 27 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 28 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 32 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 33 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 34 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 35 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 36 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 37 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 38 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 39 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 40 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 41 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 42 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 43 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 44 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 45 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 46 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 47 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 48 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 49 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 50 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 51 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.6.0 |
| purl |
pkg:pypi/apache-airflow@2.6.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-5jy7-w294-kuf8 |
|
| 8 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 13 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 14 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 15 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 30 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 31 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 32 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 33 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 34 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 35 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 36 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 37 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 38 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 39 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 40 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 41 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 42 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 43 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 44 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 45 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 46 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 47 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 48 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 49 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0 |
|
|
| aliases |
BIT-airflow-2023-39508, CVE-2023-39508, GHSA-269x-pg5c-5xgm, PYSEC-2023-134
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
7.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-r91g-hqa7-zbep |
|
| 54 |
| url |
VCID-rnpn-qfdf-87aq |
| vulnerability_id |
VCID-rnpn-qfdf-87aq |
| summary |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewer users to view all information on audit logs, including DAG names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default; they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
| reference_url |
http://www.openwall.com/lists/oss-security/2024/03/01/1 |
| reference_id |
1 |
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2024/03/01/1 |
|
| 10 |
| reference_url |
https://github.com/apache/airflow/pull/37501 |
| reference_id |
37501 |
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/37501 |
|
| 11 |
|
| 12 |
|
| 13 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.2 |
| purl |
pkg:pypi/apache-airflow@2.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 2 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 3 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 4 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 5 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 6 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 7 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 8 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 9 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 10 |
| vulnerability |
VCID-b6t6-294p-nkgx |
|
| 11 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 12 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 13 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 14 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 15 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 16 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 17 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 18 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 19 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 20 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 21 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 22 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 23 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 24 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 25 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 26 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2 |
|
|
| aliases |
BIT-airflow-2024-26280, CVE-2024-26280, GHSA-6xwf-xvf3-v459, PYSEC-2024-42
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rnpn-qfdf-87aq |
|
| 55 |
| url |
VCID-sxa8-9f89-bfdv |
| vulnerability_id |
VCID-sxa8-9f89-bfdv |
| summary |
Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.
Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
| reference_url |
https://github.com/apache/airflow/pull/37290 |
| reference_id |
37290 |
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/37290 |
|
| 14 |
| reference_url |
https://github.com/apache/airflow/pull/37468 |
| reference_id |
37468 |
| reference_type |
|
| scores |
| 0 |
| value |
5.9 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/37468 |
|
| 15 |
|
| 16 |
|
| 17 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.2 |
| purl |
pkg:pypi/apache-airflow@2.8.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 2 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 3 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 4 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 5 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 6 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 7 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 8 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 9 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 10 |
| vulnerability |
VCID-b6t6-294p-nkgx |
|
| 11 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 12 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 13 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 14 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 15 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 16 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 17 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 18 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 19 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 20 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 21 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 22 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 23 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 24 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 25 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 26 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2 |
|
|
| aliases |
BIT-airflow-2024-27906, CVE-2024-27906, GHSA-6v6w-h8m6-7mv2, PYSEC-2024-245
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-sxa8-9f89-bfdv |
|
| 56 |
| url |
VCID-tbn8-rdjn-nban |
| vulnerability_id |
VCID-tbn8-rdjn-nban |
| summary |
The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope.
Users are recommended to upgrade to version 3.2.1, which fixes this issue. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-40690, GHSA-w7rc-q6cm-f5gm
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tbn8-rdjn-nban |
|
| 57 |
| url |
VCID-tg1w-9bcx-6fg3 |
| vulnerability_id |
VCID-tg1w-9bcx-6fg3 |
| summary |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.
Users are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
https://github.com/apache/airflow/pull/33512 |
| reference_id |
33512 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33512 |
|
| 8 |
| reference_url |
https://github.com/apache/airflow/pull/33516 |
| reference_id |
33516 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33516 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.1 |
| purl |
pkg:pypi/apache-airflow@2.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-86v6-qrfj-9fdb |
|
| 9 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 10 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 11 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 12 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 13 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 14 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 15 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 18 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 19 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 20 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 21 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 22 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 23 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 24 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 25 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 26 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 27 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 28 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 29 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 30 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 31 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 32 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 33 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 34 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 35 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 36 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 37 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 38 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 39 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1 |
|
|
| aliases |
BIT-airflow-2023-40712, CVE-2023-40712, GHSA-mjqh-v5f2-g2mw, PYSEC-2023-171
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-tg1w-9bcx-6fg3 |
|
| 58 |
| url |
VCID-ttb5-juj4-uugt |
| vulnerability_id |
VCID-ttb5-juj4-uugt |
| summary |
In case of SQL errors, the exception/stack trace of the errors was exposed in the API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to a potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/apache/airflow/pull/63028 |
| reference_id |
63028 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/63028 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.2.0 |
| purl |
pkg:pypi/apache-airflow@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-7nmp-wvjt-5qcd |
|
| 2 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 3 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 4 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 5 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 6 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 7 |
| vulnerability |
VCID-r4gm-ygr6-4ffs |
|
| 8 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 9 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 10 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 11 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 12 |
| vulnerability |
VCID-y78u-y824-afc4 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0 |
|
|
| aliases |
BIT-airflow-2026-30912, CVE-2026-30912, GHSA-w7cf-2pmc-5m4c, PYSEC-2026-18
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb5-juj4-uugt |
|
| 59 |
| url |
VCID-u42p-urfu-83hn |
| vulnerability_id |
VCID-u42p-urfu-83hn |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/apache/airflow/pull/32309 |
| reference_id |
32309 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32309 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2022-46651, CVE-2022-46651, GHSA-xvw9-3mhm-xjqq, PYSEC-2023-103
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u42p-urfu-83hn |
|
| 60 |
| url |
VCID-u7j1-ha9q-xkdd |
| vulnerability_id |
VCID-u7j1-ha9q-xkdd |
| summary |
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/apache/airflow/pull/32293 |
| reference_id |
32293 |
| reference_type |
|
| scores |
| 0 |
| value |
6.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
7.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/32293 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.6.3 |
| purl |
pkg:pypi/apache-airflow@2.6.3 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 18 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 19 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 20 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 21 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 22 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 23 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 24 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 25 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 26 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 27 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 28 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 29 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 30 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 31 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 32 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 33 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 34 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 35 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 36 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 37 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 38 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 39 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 40 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 41 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 42 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3 |
|
|
| aliases |
BIT-airflow-2023-22888, CVE-2023-22888, GHSA-5946-8p38-vffp, PYSEC-2023-105
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-u7j1-ha9q-xkdd |
|
| 61 |
| url |
VCID-utkw-km71-efgd |
| vulnerability_id |
VCID-utkw-km71-efgd |
| summary |
Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.
Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.2 |
| purl |
pkg:pypi/apache-airflow@2.7.2 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 9 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 10 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 11 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 12 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 13 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 14 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 15 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 16 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 17 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 18 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 19 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 20 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 21 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 22 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 23 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 24 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 25 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 26 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 27 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 28 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 29 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 30 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 31 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 32 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 33 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 34 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2 |
|
|
| aliases |
BIT-airflow-2023-42780, CVE-2023-42780, GHSA-cgx2-rrmr-jx43, PYSEC-2023-202
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-utkw-km71-efgd |
|
| 62 |
| url |
VCID-utwq-nekz-f7de |
| vulnerability_id |
VCID-utwq-nekz-f7de |
| summary |
OS Command injection in Apache Airflow |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/advisories/GHSA-3v7g-4pg3-7r6j |
| reference_id |
GHSA-3v7g-4pg3-7r6j |
| reference_type |
|
| scores |
| 0 |
| value |
8.8 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
|
| 1 |
| value |
HIGH |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
|
| 3 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-3v7g-4pg3-7r6j |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.2.4 |
| purl |
pkg:pypi/apache-airflow@2.2.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8y5v-gc8r-mfds |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 18 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 19 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 20 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 21 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 22 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 23 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 24 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 25 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 26 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 27 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 28 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 29 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 30 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 31 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 32 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 33 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 34 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 35 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 36 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 37 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 38 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 39 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 40 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 41 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 42 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 43 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 44 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 45 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 46 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 47 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 48 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 49 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 50 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 51 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 52 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 53 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 54 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 55 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 56 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 57 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 58 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 59 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 60 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 61 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 62 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 63 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4 |
|
|
| aliases |
BIT-airflow-2022-24288, CVE-2022-24288, GHSA-3v7g-4pg3-7r6j, PYSEC-2022-30
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-utwq-nekz-f7de |
|
| 63 |
| url |
VCID-uyfw-cw7q-gubj |
| vulnerability_id |
VCID-uyfw-cw7q-gubj |
| summary |
Apache Airflow Cross-site Scripting Vulnerability |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
| reference_url |
https://github.com/advisories/GHSA-65xw-pcqw-hjrh |
| reference_id |
GHSA-65xw-pcqw-hjrh |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-65xw-pcqw-hjrh |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.2.4rc1 |
| purl |
pkg:pypi/apache-airflow@2.2.4rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 21 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 22 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 23 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 24 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 25 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 26 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 27 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 28 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 29 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 30 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 31 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 32 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 33 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 34 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 35 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 36 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 37 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 38 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 39 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 40 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 41 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 42 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 43 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 44 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 45 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 46 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 47 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 48 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 49 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 50 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 51 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 52 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 53 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 54 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 55 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 56 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 57 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 58 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 59 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 60 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 61 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 62 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 63 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4rc1 |
|
|
| aliases |
BIT-airflow-2021-45229, CVE-2021-45229, GHSA-65xw-pcqw-hjrh, PYSEC-2022-29
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-uyfw-cw7q-gubj |
|
| 64 |
| url |
VCID-vnaq-tba8-ykag |
| vulnerability_id |
VCID-vnaq-tba8-ykag |
| summary |
Dag Authors, who normally should not be able to execute code in the webserver context, could craft an XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, the severity of this issue is Low.
Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.2.0 |
| purl |
pkg:pypi/apache-airflow@3.2.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-7nmp-wvjt-5qcd |
|
| 2 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 3 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 4 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 5 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 6 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 7 |
| vulnerability |
VCID-r4gm-ygr6-4ffs |
|
| 8 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 9 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 10 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 11 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 12 |
| vulnerability |
VCID-y78u-y824-afc4 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0 |
|
|
| aliases |
BIT-airflow-2026-25917, CVE-2026-25917, GHSA-6ffj-2wg2-w45j, PYSEC-2026-13
|
| risk_score |
3.2 |
| exploitability |
0.5 |
| weighted_severity |
6.5 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vnaq-tba8-ykag |
|
| 65 |
| url |
VCID-vxqr-wyq5-6yge |
| vulnerability_id |
VCID-vxqr-wyq5-6yge |
| summary |
A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field names not present in the redaction allowlist (`DEFAULT_SENSITIVE_FIELDS`) — for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connection `extra` blobs and grant Connection-read access to multiple users. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection's `extra` field. |
| references |
|
| fixed_packages |
|
| aliases |
BIT-airflow-2026-45192, CVE-2026-45192, PYSEC-2026-173
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vxqr-wyq5-6yge |
|
| 66 |
| url |
VCID-vymx-nqhb-pfht |
| vulnerability_id |
VCID-vymx-nqhb-pfht |
| summary |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes. This could allow them to alter details such as configuration parameters, start date, etc.
Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
| references |
| 0 |
|
| 1 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
| reference_url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
| reference_id |
1 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/ |
|
|
| url |
http://www.openwall.com/lists/oss-security/2023/11/12/1 |
|
| 8 |
| reference_url |
https://github.com/apache/airflow/pull/33413 |
| reference_id |
33413 |
| reference_type |
|
| scores |
| 0 |
| value |
4.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
|
| 1 |
| value |
5.3 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/ |
|
|
| url |
https://github.com/apache/airflow/pull/33413 |
|
| 9 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.7.1 |
| purl |
pkg:pypi/apache-airflow@2.7.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 2 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 3 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 4 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 5 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 6 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 7 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 8 |
| vulnerability |
VCID-86v6-qrfj-9fdb |
|
| 9 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 10 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 11 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 12 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 13 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 14 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 15 |
| vulnerability |
VCID-ahbc-71um-h3g2 |
|
| 16 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 17 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 18 |
| vulnerability |
VCID-cevw-hkjm-mkc2 |
|
| 19 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 20 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 21 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 22 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 23 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 24 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 25 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 26 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 27 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 28 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 29 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 30 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 31 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 32 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 33 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 34 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 35 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 36 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 37 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 38 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 39 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1 |
|
|
| aliases |
BIT-airflow-2023-40611, CVE-2023-40611, GHSA-wpg8-mf6h-gm92, PYSEC-2023-170
|
| risk_score |
1.9 |
| exploitability |
0.5 |
| weighted_severity |
3.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-vymx-nqhb-pfht |
|
| 67 |
| url |
VCID-wpnx-wvj6-2khc |
| vulnerability_id |
VCID-wpnx-wvj6-2khc |
| summary |
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
8.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
|
| 1 |
| value |
8.6 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.4.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 38 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 39 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 40 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 41 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 42 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 43 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 44 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 45 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 46 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 47 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 48 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 49 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 50 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 51 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 52 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 53 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 54 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 55 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 56 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 57 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.4.2rc1 |
| purl |
pkg:pypi/apache-airflow@2.4.2rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8htr-n7ys-1bbw |
|
| 15 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 16 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 38 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 39 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 40 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 41 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 42 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 43 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 44 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 45 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 46 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 47 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 48 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 49 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 50 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 51 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 52 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 53 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 54 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 55 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 56 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1 |
|
|
| aliases |
BIT-airflow-2022-41672, CVE-2022-41672, GHSA-3q8r-f3pj-3gc4, PYSEC-2022-42983
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wpnx-wvj6-2khc |
|
| 68 |
| url |
VCID-xcmz-3we1-gucg |
| vulnerability_id |
VCID-xcmz-3we1-gucg |
| summary |
Apache Airflow exposes arbitrary file content |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
5.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
| reference_url |
https://github.com/advisories/GHSA-q8h9-pqcx-59hw |
| reference_id |
GHSA-q8h9-pqcx-59hw |
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
5.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-q8h9-pqcx-59hw |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.3.4 |
| purl |
pkg:pypi/apache-airflow@2.3.4 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 11 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 12 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 13 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 14 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 15 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 16 |
| vulnerability |
VCID-b397-bkbt-uyat |
|
| 17 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 18 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 19 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 20 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 21 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 22 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 23 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 24 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 25 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 26 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 27 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 28 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 29 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 30 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 31 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 32 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 33 |
| vulnerability |
VCID-jq9s-gczd-yue3 |
|
| 34 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 35 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 36 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 37 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 38 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 39 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 40 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 41 |
| vulnerability |
VCID-q832-2q3v-dya5 |
|
| 42 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 43 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 44 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 45 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 46 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 47 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 48 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 49 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 50 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 51 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 52 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 53 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 54 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 55 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 56 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 57 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 58 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.4 |
|
|
| aliases |
BIT-airflow-2022-38170, CVE-2022-38170, GHSA-q8h9-pqcx-59hw, PYSEC-2022-261
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmz-3we1-gucg |
|
| 69 |
| url |
VCID-xkmg-g2wz-hfd2 |
| vulnerability_id |
VCID-xkmg-g2wz-hfd2 |
| summary |
The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is a low-severity issue, as the attacker needs to be aware of certain parameters to pass to that endpoint and even then can only get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0. |
| references |
| 0 |
|
| 1 |
| reference_url |
https://github.com/advisories/GHSA-fh37-cx83-q542 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
MODERATE |
| scoring_system |
cvssv3.1_qr |
| scoring_elements |
|
|
| 2 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 3 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/advisories/GHSA-fh37-cx83-q542 |
|
| 2 |
| reference_url |
https://github.com/apache/airflow |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
6.9 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N |
|
| 2 |
| value |
MODERATE |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/apache/airflow |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.0.1rc1 |
| purl |
pkg:pypi/apache-airflow@2.0.1rc1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-3ep8-xwyq-q7d9 |
|
| 6 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 7 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 8 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 9 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 10 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 11 |
| vulnerability |
VCID-6vhk-pt43-nqbd |
|
| 12 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 13 |
| vulnerability |
VCID-7ujj-9jbc-jfes |
|
| 14 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 15 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 16 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 17 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 18 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 19 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 20 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 21 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 22 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 23 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 24 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 25 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 26 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 27 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 28 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 29 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 30 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 31 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 32 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 33 |
| vulnerability |
VCID-fxxa-6sx4-yfhh |
|
| 34 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 35 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 36 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 37 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 38 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 39 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 40 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 41 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 42 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 43 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 44 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 45 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 46 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 47 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 48 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 49 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 50 |
| vulnerability |
VCID-qcqk-eyx2-6bcg |
|
| 51 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 52 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 53 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 54 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 55 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 56 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 57 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 58 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 59 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 60 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 61 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 62 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 63 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 64 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 65 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 66 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 67 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 68 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 69 |
| vulnerability |
VCID-xkmg-g2wz-hfd2 |
|
| 70 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 71 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1 |
|
| 1 |
| url |
pkg:pypi/apache-airflow@2.0.1 |
| purl |
pkg:pypi/apache-airflow@2.0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-168u-zs7t-pqdf |
|
| 1 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 2 |
| vulnerability |
VCID-2r7f-dzef-dfcs |
|
| 3 |
| vulnerability |
VCID-2urm-nyak-63ew |
|
| 4 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 5 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 6 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 7 |
| vulnerability |
VCID-4q46-3648-ckaq |
|
| 8 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 9 |
| vulnerability |
VCID-6smg-qne8-hfgj |
|
| 10 |
| vulnerability |
VCID-6vhk-pt43-nqbd |
|
| 11 |
| vulnerability |
VCID-6ywu-aujt-dfbz |
|
| 12 |
| vulnerability |
VCID-7ujj-9jbc-jfes |
|
| 13 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 14 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 15 |
| vulnerability |
VCID-8gmn-hbp1-4kbt |
|
| 16 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 17 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 18 |
| vulnerability |
VCID-akt3-fjpx-zbbd |
|
| 19 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 20 |
| vulnerability |
VCID-bw9q-wjgg-vqgs |
|
| 21 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 22 |
| vulnerability |
VCID-c2d5-ha3e-hkcd |
|
| 23 |
| vulnerability |
VCID-c2sx-75mh-afhd |
|
| 24 |
| vulnerability |
VCID-cjdt-c5b2-f7bb |
|
| 25 |
| vulnerability |
VCID-cn8p-pg33-83aa |
|
| 26 |
| vulnerability |
VCID-cnzs-6j9b-cfd2 |
|
| 27 |
| vulnerability |
VCID-d6m3-rkux-pfaw |
|
| 28 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 29 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 30 |
| vulnerability |
VCID-ex63-gwxe-tufh |
|
| 31 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 32 |
| vulnerability |
VCID-fxxa-6sx4-yfhh |
|
| 33 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 34 |
| vulnerability |
VCID-g4y4-92yj-r3ct |
|
| 35 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 36 |
| vulnerability |
VCID-gdht-hfnv-pqbm |
|
| 37 |
| vulnerability |
VCID-gfcb-gz5n-23fs |
|
| 38 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 39 |
| vulnerability |
VCID-he37-337a-r7ex |
|
| 40 |
| vulnerability |
VCID-hwhg-hxp4-qyeb |
|
| 41 |
| vulnerability |
VCID-k32s-e7tk-gfe7 |
|
| 42 |
| vulnerability |
VCID-kgwq-4rwr-dybt |
|
| 43 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 44 |
| vulnerability |
VCID-nnbr-jmj5-v3c9 |
|
| 45 |
| vulnerability |
VCID-nxm8-uma2-u3ed |
|
| 46 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 47 |
| vulnerability |
VCID-p92v-jeew-eygn |
|
| 48 |
| vulnerability |
VCID-q4kq-54bn-2yfd |
|
| 49 |
| vulnerability |
VCID-qcqk-eyx2-6bcg |
|
| 50 |
| vulnerability |
VCID-qg14-ym9d-wuea |
|
| 51 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 52 |
| vulnerability |
VCID-r91g-hqa7-zbep |
|
| 53 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 54 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 55 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 56 |
| vulnerability |
VCID-tg1w-9bcx-6fg3 |
|
| 57 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 58 |
| vulnerability |
VCID-u42p-urfu-83hn |
|
| 59 |
| vulnerability |
VCID-u7j1-ha9q-xkdd |
|
| 60 |
| vulnerability |
VCID-utkw-km71-efgd |
|
| 61 |
| vulnerability |
VCID-utwq-nekz-f7de |
|
| 62 |
| vulnerability |
VCID-uyfw-cw7q-gubj |
|
| 63 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 64 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 65 |
| vulnerability |
VCID-vymx-nqhb-pfht |
|
| 66 |
| vulnerability |
VCID-wpnx-wvj6-2khc |
|
| 67 |
| vulnerability |
VCID-xcmz-3we1-gucg |
|
| 68 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
| 69 |
| vulnerability |
VCID-z9pc-46h3-pff1 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1 |
|
|
| aliases |
BIT-airflow-2021-26697, CVE-2021-26697, GHSA-fh37-cx83-q542, PYSEC-2021-3
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-xkmg-g2wz-hfd2 |
|
| 70 |
| url |
VCID-z7rt-fxe3-3udw |
| vulnerability_id |
VCID-z7rt-fxe3-3udw |
| summary |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.
This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@3.1.1 |
| purl |
pkg:pypi/apache-airflow@3.1.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-2j7p-89b9-t7e8 |
|
| 1 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 2 |
| vulnerability |
VCID-5r2q-cc18-v7cx |
|
| 3 |
| vulnerability |
VCID-7q3b-su3j-y7b4 |
|
| 4 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 5 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 6 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 7 |
| vulnerability |
VCID-ap8j-6689-kfgd |
|
| 8 |
| vulnerability |
VCID-bftx-1hw8-z7f1 |
|
| 9 |
| vulnerability |
VCID-bkwd-x3qh-57ga |
|
| 10 |
| vulnerability |
VCID-bva2-dpg3-m7hv |
|
| 11 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 12 |
| vulnerability |
VCID-f41w-9d6d-wbgf |
|
| 13 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 14 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 15 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 16 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 17 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 18 |
| vulnerability |
VCID-srr5-3rxv-rkg8 |
|
| 19 |
| vulnerability |
VCID-szqt-j7av-dqde |
|
| 20 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 21 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 22 |
| vulnerability |
VCID-tx59-fvt4-mbfj |
|
| 23 |
| vulnerability |
VCID-typh-t13h-w3g1 |
|
| 24 |
| vulnerability |
VCID-u2bm-499h-2qfh |
|
| 25 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 26 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 27 |
| vulnerability |
VCID-xga6-ksvc-9yhf |
|
| 28 |
| vulnerability |
VCID-yvkr-2un4-cyfg |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1 |
|
|
| aliases |
CVE-2023-25693, GHSA-j69x-v4wc-3fpf, PYSEC-2023-314
|
| risk_score |
4.4 |
| exploitability |
0.5 |
| weighted_severity |
8.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z7rt-fxe3-3udw |
|
| 71 |
| url |
VCID-z9pc-46h3-pff1 |
| vulnerability_id |
VCID-z9pc-46h3-pff1 |
| summary |
Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission to update a variable.
This flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.
Users are recommended to upgrade to 2.8.0, which fixes this issue. |
| references |
|
| fixed_packages |
| 0 |
| url |
pkg:pypi/apache-airflow@2.8.0 |
| purl |
pkg:pypi/apache-airflow@2.8.0 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1fke-agqs-bkd1 |
|
| 1 |
| vulnerability |
VCID-2w8y-kxer-s7e2 |
|
| 2 |
| vulnerability |
VCID-4e1s-kjwm-4ffg |
|
| 3 |
| vulnerability |
VCID-4n4v-jv1f-1bgk |
|
| 4 |
| vulnerability |
VCID-619t-7b16-vbax |
|
| 5 |
| vulnerability |
VCID-668v-1v1b-9bf2 |
|
| 6 |
| vulnerability |
VCID-881f-vbac-rucw |
|
| 7 |
| vulnerability |
VCID-8aa5-hyy9-e3f1 |
|
| 8 |
| vulnerability |
VCID-8ze1-k1e3-huhc |
|
| 9 |
| vulnerability |
VCID-9y7c-yxq4-f7ha |
|
| 10 |
| vulnerability |
VCID-aau9-yvuf-qbcc |
|
| 11 |
| vulnerability |
VCID-bjtj-v297-cbd7 |
|
| 12 |
| vulnerability |
VCID-bwh8-43re-a3b8 |
|
| 13 |
| vulnerability |
VCID-cjun-ju6c-1fes |
|
| 14 |
| vulnerability |
VCID-es5x-ee29-6ue8 |
|
| 15 |
| vulnerability |
VCID-etdd-wf1g-5yc6 |
|
| 16 |
| vulnerability |
VCID-f5rh-fhtd-wyau |
|
| 17 |
| vulnerability |
VCID-g4qz-drbp-gqdp |
|
| 18 |
| vulnerability |
VCID-gbn8-8y8d-gkgw |
|
| 19 |
| vulnerability |
VCID-h4r7-k7z1-6kgg |
|
| 20 |
| vulnerability |
VCID-kjra-gghm-sqg2 |
|
| 21 |
| vulnerability |
VCID-nz83-fzzb-5ucs |
|
| 22 |
| vulnerability |
VCID-r2bq-ukcr-1fa3 |
|
| 23 |
| vulnerability |
VCID-rnpn-qfdf-87aq |
|
| 24 |
| vulnerability |
VCID-sxa8-9f89-bfdv |
|
| 25 |
| vulnerability |
VCID-tbn8-rdjn-nban |
|
| 26 |
| vulnerability |
VCID-ttb5-juj4-uugt |
|
| 27 |
| vulnerability |
VCID-vnaq-tba8-ykag |
|
| 28 |
| vulnerability |
VCID-vxqr-wyq5-6yge |
|
| 29 |
| vulnerability |
VCID-z7rt-fxe3-3udw |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0 |
|
|
| aliases |
BIT-airflow-2023-50783, CVE-2023-50783, GHSA-5938-79hg-xh3q, PYSEC-2023-267
|
| risk_score |
3.0 |
| exploitability |
0.5 |
| weighted_severity |
5.9 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-z9pc-46h3-pff1 |
|