{"url":"http://public2.vulnerablecode.io/api/packages/30879?format=json","purl":"pkg:pypi/apache-airflow@2.6.0rc5","type":"pypi","namespace":"","name":"apache-airflow","version":"2.6.0rc5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.2.0","latest_non_vulnerable_version":"3.2.1rc1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8944?format=json","vulnerability_id":"VCID-1963-1kyn-2ban","summary":"We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47037","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24378","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47037"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad"},{"reference_url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef"},{"reference_url":"https://github.com/apache/airflow/pull/33413","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/"}],"url":"https://github.com/apache/airflow/pull/33413"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml"},{"reference_url":"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/"}],"url":"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/12/1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/12/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47037","reference_id":"CVE-2023-47037","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47037"},{"reference_url":"https://github.com/advisories/GHSA-hm9r-7f84-25c9","reference_id":"GHSA-hm9r-7f84-25c9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm9r-7f84-25c9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30900?format=json","purl":"pkg:pypi/apache-airflow@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3"}],"aliases":["BIT-airflow-2023-47037","CVE-2023-47037","GHSA-hm9r-7f84-25c9","PYSEC-2023-232"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1963-1kyn-2ban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8725?format=json","vulnerability_id":"VCID-1azm-hsvr-f3e8","summary":"Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25693","reference_id":"","reference_type":"","scores":[{"value":"0.03621","scoring_system":"epss","scoring_elements":"0.87999","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25693"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/29500","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:26:37Z/"}],"url":"https://github.com/apache/airflow/pull/29500"},{"reference_url":"https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:26:37Z/"}],"url":"https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25693","reference_id":"CVE-2023-25693","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25693"},{"reference_url":"https://github.com/advisories/GHSA-j69x-v4wc-3fpf","reference_id":"GHSA-j69x-v4wc-3fpf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j69x-v4wc-3fpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30991?format=json","purl":"pkg:pypi/apache-airflow@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4fjp-pn9s-tyhz"},{"vulnerability":"VCID-9x6r-5m59-yyap"},{"vulnerability":"VCID-bv7f-s53t-uqe4"},{"vulnerability":"VCID-g8pv-cam5-d7dj"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kmz1-dm9f-d7hj"},{"vulnerability":"VCID-m3ff-jty5-3uhw"},{"vulnerability":"VCID-nrc9-bdc2-dfes"},{"vulnerability":"VCID-nrgz-jdnp-kyet"},{"vulnerability":"VCID-pvh4-3wng-ekdq"},{"vulnerability":"VCID-tj2m-5j3f-5ueq"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vwv4-7y7y-9fcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1"}],"aliases":["CVE-2023-25693","GHSA-j69x-v4wc-3fpf","PYSEC-2023-314"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1azm-hsvr-f3e8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8821?format=json","vulnerability_id":"VCID-1ptn-xvsy-d3hu","summary":"Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36543","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74434","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36543"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315"},{"reference_url":"https://github.com/apache/airflow/pull/32060","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/"}],"url":"https://github.com/apache/airflow/pull/32060"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml"},{"reference_url":"https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/"}],"url":"https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36543","reference_id":"CVE-2023-36543","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36543"},{"reference_url":"https://github.com/advisories/GHSA-3h4m-m55v-gx4m","reference_id":"GHSA-3h4m-m55v-gx4m","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3h4m-m55v-gx4m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30889?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-36543","CVE-2023-36543","GHSA-3h4m-m55v-gx4m","PYSEC-2023-106"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ptn-xvsy-d3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8798?format=json","vulnerability_id":"VCID-1tvn-y85f-jkb9","summary":"In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations.\n\nThis vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if `[webserver] expose_config` is set to `non-sensitive-only`), and not all uncensored values are actually sentitive.\n\n\nThis issue affects Apache Airflow: from 2.5.0 before 2.6.2. Users are recommended to update to version 2.6.2 or later.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35005","reference_id":"","reference_type":"","scores":[{"value":"0.00227","scoring_system":"epss","scoring_elements":"0.45564","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35005"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/5679a01919ac9d5153e858f8b1390cbc7915f148","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/5679a01919ac9d5153e858f8b1390cbc7915f148"},{"reference_url":"https://github.com/apache/airflow/commit/f6cda8fb63250fc4700658999739c1c3c5f6625c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f6cda8fb63250fc4700658999739c1c3c5f6625c"},{"reference_url":"https://github.com/apache/airflow/pull/31788","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:11:19Z/"}],"url":"https://github.com/apache/airflow/pull/31788"},{"reference_url":"https://github.com/apache/airflow/pull/31820","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:11:19Z/"}],"url":"https://github.com/apache/airflow/pull/31820"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-89.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-89.yaml"},{"reference_url":"https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-09T14:11:19Z/"}],"url":"https://lists.apache.org/thread/o4f2cxh0054m9tlxpb81c1yhylor5gjd"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35005","reference_id":"CVE-2023-35005","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35005"},{"reference_url":"https://github.com/advisories/GHSA-mjff-wv85-hmcj","reference_id":"GHSA-mjff-wv85-hmcj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mjff-wv85-hmcj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30885?format=json","purl":"pkg:pypi/apache-airflow@2.6.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-1tvn-y85f-jkb9"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.2rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/30887?format=json","purl":"pkg:pypi/apache-airflow@2.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.2"}],"aliases":["BIT-airflow-2023-35005","CVE-2023-35005","GHSA-mjff-wv85-hmcj","PYSEC-2023-89"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1tvn-y85f-jkb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8862?format=json","vulnerability_id":"VCID-2q7x-bua5-37h7","summary":"The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40273","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51144","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40273"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6"},{"reference_url":"https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b"},{"reference_url":"https://github.com/apache/airflow/pull/33347","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/"}],"url":"https://github.com/apache/airflow/pull/33347"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml"},{"reference_url":"https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/"}],"url":"https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/08/23/1","reference_id":"","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/08/23/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40273","reference_id":"CVE-2023-40273","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40273"},{"reference_url":"https://github.com/advisories/GHSA-pm87-24wq-r8w9","reference_id":"GHSA-pm87-24wq-r8w9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pm87-24wq-r8w9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30892?format=json","purl":"pkg:pypi/apache-airflow@2.7.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/30894?format=json","purl":"pkg:pypi/apache-airflow@2.7.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-63fw-ggbk-9ycy"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1"}],"aliases":["BIT-airflow-2023-40273","CVE-2023-40273","GHSA-pm87-24wq-r8w9","PYSEC-2023-158"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2q7x-bua5-37h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8771?format=json","vulnerability_id":"VCID-4btd-59ga-1yd4","summary":"Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29247","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67272","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29247"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75"},{"reference_url":"https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e"},{"reference_url":"https://github.com/apache/airflow/pull/30447","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/"}],"url":"https://github.com/apache/airflow/pull/30447"},{"reference_url":"https://github.com/apache/airflow/pull/30779","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/"}],"url":"https://github.com/apache/airflow/pull/30779"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml"},{"reference_url":"https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/"}],"url":"https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29247","reference_id":"CVE-2023-29247","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29247"},{"reference_url":"https://github.com/advisories/GHSA-vcf6-3wv2-5vcr","reference_id":"GHSA-vcf6-3wv2-5vcr","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcf6-3wv2-5vcr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30880?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-1tvn-y85f-jkb9"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["BIT-airflow-2023-29247","CVE-2023-29247","GHSA-vcf6-3wv2-5vcr","PYSEC-2023-60"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4btd-59ga-1yd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9035?format=json","vulnerability_id":"VCID-4u8d-ezsr-sqcz","summary":"Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50943","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44037","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50943"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462"},{"reference_url":"https://github.com/apache/airflow/pull/36255","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/"}],"url":"https://github.com/apache/airflow/pull/36255"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml"},{"reference_url":"https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/"}],"url":"https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/24/4","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/01/24/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50943","reference_id":"CVE-2023-50943","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50943"},{"reference_url":"https://github.com/advisories/GHSA-c3c6-f2ww-xfr2","reference_id":"GHSA-c3c6-f2ww-xfr2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c3c6-f2ww-xfr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30907?format=json","purl":"pkg:pypi/apache-airflow@2.8.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/30908?format=json","purl":"pkg:pypi/apache-airflow@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1"}],"aliases":["BIT-airflow-2023-50943","CVE-2023-50943","GHSA-c3c6-f2ww-xfr2","PYSEC-2024-13"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4u8d-ezsr-sqcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8820?format=json","vulnerability_id":"VCID-7z8j-8f4d-53dm","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46651","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37541","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46651"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8"},{"reference_url":"https://github.com/apache/airflow/pull/32309","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/"}],"url":"https://github.com/apache/airflow/pull/32309"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml"},{"reference_url":"https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/"}],"url":"https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46651","reference_id":"CVE-2022-46651","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46651"},{"reference_url":"https://github.com/advisories/GHSA-xvw9-3mhm-xjqq","reference_id":"GHSA-xvw9-3mhm-xjqq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvw9-3mhm-xjqq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30889?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2022-46651","CVE-2022-46651","GHSA-xvw9-3mhm-xjqq","PYSEC-2023-103"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7z8j-8f4d-53dm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9036?format=json","vulnerability_id":"VCID-82p8-yujf-hkdd","summary":"Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50944","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34758","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50944"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1"},{"reference_url":"https://github.com/apache/airflow/pull/36257","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/"}],"url":"https://github.com/apache/airflow/pull/36257"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml"},{"reference_url":"https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/"}],"url":"https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/24/5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/01/24/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50944","reference_id":"CVE-2023-50944","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50944"},{"reference_url":"https://github.com/advisories/GHSA-vm5m-qmrx-fw8w","reference_id":"GHSA-vm5m-qmrx-fw8w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm5m-qmrx-fw8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30907?format=json","purl":"pkg:pypi/apache-airflow@2.8.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/30908?format=json","purl":"pkg:pypi/apache-airflow@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1"}],"aliases":["BIT-airflow-2023-50944","CVE-2023-50944","GHSA-vm5m-qmrx-fw8w","PYSEC-2024-14"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82p8-yujf-hkdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9192?format=json","vulnerability_id":"VCID-8m3p-yzr8-yyhj","summary":"Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41937","reference_id":"","reference_type":"","scores":[{"value":"0.00852","scoring_system":"epss","scoring_elements":"0.75225","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41937"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98"},{"reference_url":"https://github.com/apache/airflow/pull/40933","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/"}],"url":"https://github.com/apache/airflow/pull/40933"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml"},{"reference_url":"https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/"}],"url":"https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/08/21/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/08/21/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41937","reference_id":"CVE-2024-41937","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41937"},{"reference_url":"https://github.com/advisories/GHSA-w7cp-g8v7-r54m","reference_id":"GHSA-w7cp-g8v7-r54m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7cp-g8v7-r54m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30933?format=json","purl":"pkg:pypi/apache-airflow@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-s7es-yfst-8kce"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.0"}],"aliases":["BIT-airflow-2024-41937","CVE-2024-41937","GHSA-w7cp-g8v7-r54m","PYSEC-2024-181"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8m3p-yzr8-yyhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8881?format=json","vulnerability_id":"VCID-8npr-rvfd-jkfj","summary":"Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40611","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31182","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40611"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad"},{"reference_url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef"},{"reference_url":"https://github.com/apache/airflow/pull/33413","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/"}],"url":"https://github.com/apache/airflow/pull/33413"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml"},{"reference_url":"https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/"}],"url":"https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/12/1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/12/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40611","reference_id":"CVE-2023-40611","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40611"},{"reference_url":"https://github.com/advisories/GHSA-wpg8-mf6h-gm92","reference_id":"GHSA-wpg8-mf6h-gm92","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpg8-mf6h-gm92"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30896?format=json","purl":"pkg:pypi/apache-airflow@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-63fw-ggbk-9ycy"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1"}],"aliases":["BIT-airflow-2023-40611","CVE-2023-40611","GHSA-wpg8-mf6h-gm92","PYSEC-2023-170"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8npr-rvfd-jkfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8909?format=json","vulnerability_id":"VCID-8ykk-1kak-6bfd","summary":"Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42780","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32066","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42780"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/cf4eb3fb9b5cf4a8369b890e39523d4c05eed161","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/cf4eb3fb9b5cf4a8369b890e39523d4c05eed161"},{"reference_url":"https://github.com/apache/airflow/pull/34355","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:30:52Z/"}],"url":"https://github.com/apache/airflow/pull/34355"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-202.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-202.yaml"},{"reference_url":"https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:30:52Z/"}],"url":"https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42780","reference_id":"CVE-2023-42780","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42780"},{"reference_url":"https://github.com/advisories/GHSA-cgx2-rrmr-jx43","reference_id":"GHSA-cgx2-rrmr-jx43","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgx2-rrmr-jx43"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30898?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["BIT-airflow-2023-42780","CVE-2023-42780","GHSA-cgx2-rrmr-jx43","PYSEC-2023-202"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ykk-1kak-6bfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9081?format=json","vulnerability_id":"VCID-arbk-dryb-qkda","summary":"Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26280","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45465","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26280"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa"},{"reference_url":"https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99"},{"reference_url":"https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e"},{"reference_url":"https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d"},{"reference_url":"https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f"},{"reference_url":"https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c"},{"reference_url":"https://github.com/apache/airflow/pull/37501","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/"}],"url":"https://github.com/apache/airflow/pull/37501"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml"},{"reference_url":"https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/"}],"url":"https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/01/1","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/01/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26280","reference_id":"CVE-2024-26280","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26280"},{"reference_url":"https://github.com/advisories/GHSA-6xwf-xvf3-v459","reference_id":"GHSA-6xwf-xvf3-v459","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xwf-xvf3-v459"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30912?format=json","purl":"pkg:pypi/apache-airflow@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-974g-7wsa-dqd7"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2"}],"aliases":["BIT-airflow-2024-26280","CVE-2024-26280","GHSA-6xwf-xvf3-v459","PYSEC-2024-42"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-arbk-dryb-qkda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8823?format=json","vulnerability_id":"VCID-d3kc-fn21-xqar","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22887","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.70855","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22887"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02"},{"reference_url":"https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3"},{"reference_url":"https://github.com/apache/airflow/pull/32293","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/"}],"url":"https://github.com/apache/airflow/pull/32293"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml"},{"reference_url":"https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/"}],"url":"https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22887","reference_id":"CVE-2023-22887","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22887"},{"reference_url":"https://github.com/advisories/GHSA-ggwr-4vr8-g7wv","reference_id":"GHSA-ggwr-4vr8-g7wv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ggwr-4vr8-g7wv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30889?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-22887","CVE-2023-22887","GHSA-ggwr-4vr8-g7wv","PYSEC-2023-104"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d3kc-fn21-xqar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8824?format=json","vulnerability_id":"VCID-dk1y-938p-k3bv","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22888","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35419","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22888"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02"},{"reference_url":"https://github.com/apache/airflow/pull/32293","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/"}],"url":"https://github.com/apache/airflow/pull/32293"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml"},{"reference_url":"https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/"}],"url":"https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22888","reference_id":"CVE-2023-22888","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22888"},{"reference_url":"https://github.com/advisories/GHSA-5946-8p38-vffp","reference_id":"GHSA-5946-8p38-vffp","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5946-8p38-vffp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30889?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-22888","CVE-2023-22888","GHSA-5946-8p38-vffp","PYSEC-2023-105"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk1y-938p-k3bv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8943?format=json","vulnerability_id":"VCID-fctg-457f-4uae","summary":"Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42781","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17222","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42781"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3"},{"reference_url":"https://github.com/apache/airflow/pull/34939","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/"}],"url":"https://github.com/apache/airflow/pull/34939"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml"},{"reference_url":"https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/"}],"url":"https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/12/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/12/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42781","reference_id":"CVE-2023-42781","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42781"},{"reference_url":"https://github.com/advisories/GHSA-r7x6-xfcm-3mxv","reference_id":"GHSA-r7x6-xfcm-3mxv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7x6-xfcm-3mxv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30900?format=json","purl":"pkg:pypi/apache-airflow@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3"}],"aliases":["BIT-airflow-2023-42781","CVE-2023-42781","GHSA-r7x6-xfcm-3mxv","PYSEC-2023-231"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fctg-457f-4uae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8908?format=json","vulnerability_id":"VCID-hgq2-kuex-y3a3","summary":"Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42663","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61013","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42663"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/34315","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/34315"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml"},{"reference_url":"https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/12/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/11/12/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42663","reference_id":"CVE-2023-42663","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42663"},{"reference_url":"https://github.com/advisories/GHSA-32wr-qqw6-5mfp","reference_id":"GHSA-32wr-qqw6-5mfp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32wr-qqw6-5mfp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30898?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["BIT-airflow-2023-42663","CVE-2023-42663","GHSA-32wr-qqw6-5mfp","PYSEC-2023-197"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgq2-kuex-y3a3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9153?format=json","vulnerability_id":"VCID-hpf3-3z3m-6ydt","summary":"Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25142","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27723","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25142"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3"},{"reference_url":"https://github.com/apache/airflow/pull/39550","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:05:59Z/"}],"url":"https://github.com/apache/airflow/pull/39550"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml"},{"reference_url":"https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:05:59Z/"}],"url":"https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/13/1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/06/13/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25142","reference_id":"CVE-2024-25142","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25142"},{"reference_url":"https://github.com/advisories/GHSA-9xpj-62mm-24h2","reference_id":"GHSA-9xpj-62mm-24h2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xpj-62mm-24h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30927?format=json","purl":"pkg:pypi/apache-airflow@2.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2"}],"aliases":["BIT-airflow-2024-25142","CVE-2024-25142","GHSA-9xpj-62mm-24h2","PYSEC-2024-195"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpf3-3z3m-6ydt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9628?format=json","vulnerability_id":"VCID-j6uh-kx6m-sydp","summary":"Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25917","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16117","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25917"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/61641","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T03:55:40Z/"}],"url":"https://github.com/apache/airflow/pull/61641"},{"reference_url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T03:55:40Z/"}],"url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25917","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25917"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/17/9","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/17/9"},{"reference_url":"https://github.com/advisories/GHSA-6ffj-2wg2-w45j","reference_id":"GHSA-6ffj-2wg2-w45j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6ffj-2wg2-w45j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48415?format=json","purl":"pkg:pypi/apache-airflow@3.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0"}],"aliases":["BIT-airflow-2026-25917","CVE-2026-25917","GHSA-6ffj-2wg2-w45j","PYSEC-2026-13"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6uh-kx6m-sydp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9269?format=json","vulnerability_id":"VCID-kb4a-mm13-63bj","summary":"Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45784","reference_id":"","reference_type":"","scores":[{"value":"0.01059","scoring_system":"epss","scoring_elements":"0.77938","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45784"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/43040","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T19:41:31Z/"}],"url":"https://github.com/apache/airflow/pull/43040"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-182.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-182.yaml"},{"reference_url":"https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T19:41:31Z/"}],"url":"https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45784","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45784"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/11/15/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/11/15/1"},{"reference_url":"https://github.com/advisories/GHSA-46c3-5xc5-wwhv","reference_id":"GHSA-46c3-5xc5-wwhv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-46c3-5xc5-wwhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30940?format=json","purl":"pkg:pypi/apache-airflow@2.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3"}],"aliases":["BIT-airflow-2024-45784","CVE-2024-45784","GHSA-46c3-5xc5-wwhv","PYSEC-2024-182"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kb4a-mm13-63bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8772?format=json","vulnerability_id":"VCID-kgfb-yphg-n3ec","summary":"Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25754","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66216","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25754"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473"},{"reference_url":"https://github.com/apache/airflow/pull/29506","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/"}],"url":"https://github.com/apache/airflow/pull/29506"},{"reference_url":"https://github.com/apache/airflow/releases/tag/2.6.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/releases/tag/2.6.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml"},{"reference_url":"https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/"}],"url":"https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/05/08/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/05/08/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/05/08/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/05/08/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25754","reference_id":"CVE-2023-25754","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25754"},{"reference_url":"https://github.com/advisories/GHSA-jchm-fm4q-c2fp","reference_id":"GHSA-jchm-fm4q-c2fp","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jchm-fm4q-c2fp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30880?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-1tvn-y85f-jkb9"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["BIT-airflow-2023-25754","CVE-2023-25754","GHSA-jchm-fm4q-c2fp","PYSEC-2023-59"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgfb-yphg-n3ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9172?format=json","vulnerability_id":"VCID-mbgq-fq5n-kufh","summary":"Apache Airflow 2.4.0, and versions before 2.9.3, has a vulnerability that allows authenticated DAG authors to craft a doc_md parameter in a way that could execute arbitrary code in the scheduler context, which should be forbidden according to the Airflow Security model. Users should upgrade to version 2.9.3 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39877","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31823","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39877"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/8159f6e24704f5e0e3b3217cf79ecf5083dce531","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8159f6e24704f5e0e3b3217cf79ecf5083dce531"},{"reference_url":"https://github.com/apache/airflow/pull/40522","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-17T13:24:32Z/"}],"url":"https://github.com/apache/airflow/pull/40522"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-190.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-190.yaml"},{"reference_url":"https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-17T13:24:32Z/"}],"url":"https://lists.apache.org/thread/1xhj9dkp37d6pzn24ll2mf94wbqnb2y1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/16/7","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/07/16/7"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39877","reference_id":"CVE-2024-39877","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39877"},{"reference_url":"https://github.com/advisories/GHSA-g5hv-r743-v8pm","reference_id":"GHSA-g5hv-r743-v8pm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g5hv-r743-v8pm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30929?format=json","purl":"pkg:pypi/apache-airflow@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3"}],"aliases":["BIT-airflow-2024-39877","CVE-2024-39877","GHSA-g5hv-r743-v8pm","PYSEC-2024-190"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbgq-fq5n-kufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8986?format=json","vulnerability_id":"VCID-nfbc-tutd-37bw","summary":"Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50783","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12945","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50783"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929"},{"reference_url":"https://github.com/apache/airflow/pull/33932","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/33932"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml"},{"reference_url":"https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/21/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/21/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50783","reference_id":"CVE-2023-50783","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50783"},{"reference_url":"https://github.com/advisories/GHSA-5938-79hg-xh3q","reference_id":"GHSA-5938-79hg-xh3q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5938-79hg-xh3q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30906?format=json","purl":"pkg:pypi/apache-airflow@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0"}],"aliases":["BIT-airflow-2023-50783","CVE-2023-50783","GHSA-5938-79hg-xh3q","PYSEC-2023-267"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nfbc-tutd-37bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8846?format=json","vulnerability_id":"VCID-pb3b-22wk-pbh5","summary":"Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39508","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65433","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39508"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/43","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/43"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8"},{"reference_url":"https://github.com/apache/airflow/pull/29706","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/"}],"url":"https://github.com/apache/airflow/pull/29706"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml"},{"reference_url":"https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/"}],"url":"https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39508","reference_id":"CVE-2023-39508","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39508"},{"reference_url":"https://github.com/advisories/GHSA-269x-pg5c-5xgm","reference_id":"GHSA-269x-pg5c-5xgm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-269x-pg5c-5xgm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30880?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-1ptn-xvsy-d3hu"},{"vulnerability":"VCID-1tvn-y85f-jkb9"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-7z8j-8f4d-53dm"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-d3kc-fn21-xqar"},{"vulnerability":"VCID-dk1y-938p-k3bv"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-vy44-rbar-w3fn"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["BIT-airflow-2023-39508","CVE-2023-39508","GHSA-269x-pg5c-5xgm","PYSEC-2023-134"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pb3b-22wk-pbh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8911?format=json","vulnerability_id":"VCID-pmtw-nwnc-nyfw","summary":"Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42792","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69268","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42792"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/34366","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/"}],"url":"https://github.com/apache/airflow/pull/34366"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml"},{"reference_url":"https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/"}],"url":"https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/21/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42792","reference_id":"CVE-2023-42792","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42792"},{"reference_url":"https://github.com/advisories/GHSA-j3w8-2p2h-mrr9","reference_id":"GHSA-j3w8-2p2h-mrr9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3w8-2p2h-mrr9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30898?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["BIT-airflow-2023-42792","CVE-2023-42792","GHSA-j3w8-2p2h-mrr9","PYSEC-2023-203"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmtw-nwnc-nyfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8987?format=json","vulnerability_id":"VCID-rysu-xhvt-yqda","summary":"Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48291","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.2562","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48291"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c"},{"reference_url":"https://github.com/apache/airflow/pull/34366","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/34366"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml"},{"reference_url":"https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/21/1","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48291","reference_id":"CVE-2023-48291","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48291"},{"reference_url":"https://github.com/advisories/GHSA-8f57-wcmg-4jmh","reference_id":"GHSA-8f57-wcmg-4jmh","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f57-wcmg-4jmh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30906?format=json","purl":"pkg:pypi/apache-airflow@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0"}],"aliases":["BIT-airflow-2023-48291","CVE-2023-48291","GHSA-8f57-wcmg-4jmh","PYSEC-2023-265"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rysu-xhvt-yqda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8880?format=json","vulnerability_id":"VCID-s49h-br5r-5yh8","summary":"Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40712","reference_id":"","reference_type":"","scores":[{"value":"0.00136","scoring_system":"epss","scoring_elements":"0.33236","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40712"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e"},{"reference_url":"https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148"},{"reference_url":"https://github.com/apache/airflow/pull/33512","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/"}],"url":"https://github.com/apache/airflow/pull/33512"},{"reference_url":"https://github.com/apache/airflow/pull/33516","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/"}],"url":"https://github.com/apache/airflow/pull/33516"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml"},{"reference_url":"https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/"}],"url":"https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40712","reference_id":"CVE-2023-40712","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40712"},{"reference_url":"https://github.com/advisories/GHSA-mjqh-v5f2-g2mw","reference_id":"GHSA-mjqh-v5f2-g2mw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mjqh-v5f2-g2mw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30896?format=json","purl":"pkg:pypi/apache-airflow@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-63fw-ggbk-9ycy"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1"}],"aliases":["BIT-airflow-2023-40712","CVE-2023-40712","GHSA-mjqh-v5f2-g2mw","PYSEC-2023-171"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s49h-br5r-5yh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9629?format=json","vulnerability_id":"VCID-tpjn-4kru-vucv","summary":"In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30912","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26413","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30912"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/63028","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/"}],"url":"https://github.com/apache/airflow/pull/63028"},{"reference_url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/"}],"url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30912","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30912"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/17/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/17/5"},{"reference_url":"https://github.com/advisories/GHSA-w7cf-2pmc-5m4c","reference_id":"GHSA-w7cf-2pmc-5m4c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7cf-2pmc-5m4c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/48415?format=json","purl":"pkg:pypi/apache-airflow@3.2.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0"}],"aliases":["BIT-airflow-2026-30912","CVE-2026-30912","GHSA-w7cf-2pmc-5m4c","PYSEC-2026-18"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tpjn-4kru-vucv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8863?format=json","vulnerability_id":"VCID-vj7z-pmk3-cydg","summary":"Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37379","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40518","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37379"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603"},{"reference_url":"https://github.com/apache/airflow/pull/32052","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/"}],"url":"https://github.com/apache/airflow/pull/32052"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml"},{"reference_url":"https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/"}],"url":"https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/08/23/4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/08/23/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37379","reference_id":"CVE-2023-37379","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37379"},{"reference_url":"https://github.com/advisories/GHSA-x2mh-8fmc-rqgh","reference_id":"GHSA-x2mh-8fmc-rqgh","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2mh-8fmc-rqgh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30890?format=json","purl":"pkg:pypi/apache-airflow@2.7.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/30893?format=json","purl":"pkg:pypi/apache-airflow@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-63fw-ggbk-9ycy"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-g9j4-fhpm-uuba"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0"}],"aliases":["BIT-airflow-2023-37379","CVE-2023-37379","GHSA-x2mh-8fmc-rqgh","PYSEC-2023-152"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vj7z-pmk3-cydg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9521?format=json","vulnerability_id":"VCID-vras-f42j-xqfg","summary":"In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\n\nUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68675","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10793","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68675"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/59688","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T16:05:54Z/"}],"url":"https://github.com/apache/airflow/pull/59688"},{"reference_url":"https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T16:05:54Z/"}],"url":"https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/01/15/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/01/15/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68675","reference_id":"CVE-2025-68675","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68675"},{"reference_url":"https://github.com/advisories/GHSA-7c2f-r6gc-h92h","reference_id":"GHSA-7c2f-r6gc-h92h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7c2f-r6gc-h92h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30949?format=json","purl":"pkg:pypi/apache-airflow@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/45988?format=json","purl":"pkg:pypi/apache-airflow@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-9x6r-5m59-yyap"},{"vulnerability":"VCID-bv7f-s53t-uqe4"},{"vulnerability":"VCID-g8pv-cam5-d7dj"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kmz1-dm9f-d7hj"},{"vulnerability":"VCID-m3ff-jty5-3uhw"},{"vulnerability":"VCID-nrc9-bdc2-dfes"},{"vulnerability":"VCID-pvh4-3wng-ekdq"},{"vulnerability":"VCID-tj2m-5j3f-5ueq"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vwv4-7y7y-9fcj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6"}],"aliases":["BIT-airflow-2025-68675","CVE-2025-68675","GHSA-7c2f-r6gc-h92h","PYSEC-2026-10"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vras-f42j-xqfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8822?format=json","vulnerability_id":"VCID-vy44-rbar-w3fn","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35908","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4368","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35908"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db"},{"reference_url":"https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352"},{"reference_url":"https://github.com/apache/airflow/pull/32014","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/"}],"url":"https://github.com/apache/airflow/pull/32014"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml"},{"reference_url":"https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/"}],"url":"https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35908","reference_id":"CVE-2023-35908","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35908"},{"reference_url":"https://github.com/advisories/GHSA-2h84-3crq-vgfj","reference_id":"GHSA-2h84-3crq-vgfj","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2h84-3crq-vgfj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30889?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vj7z-pmk3-cydg"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"},{"vulnerability":"VCID-z5b8-kcbh-m7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-35908","CVE-2023-35908","GHSA-2h84-3crq-vgfj","PYSEC-2023-119"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vy44-rbar-w3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9197?format=json","vulnerability_id":"VCID-w8ff-8479-rbfq","summary":"Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45034","reference_id":"","reference_type":"","scores":[{"value":"0.03097","scoring_system":"epss","scoring_elements":"0.87026","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45034"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d"},{"reference_url":"https://github.com/apache/airflow/pull/41672","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/"}],"url":"https://github.com/apache/airflow/pull/41672"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml"},{"reference_url":"https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/"}],"url":"https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/09/06/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/09/06/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45034","reference_id":"CVE-2024-45034","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45034"},{"reference_url":"https://github.com/advisories/GHSA-92xg-gmrq-5c3w","reference_id":"GHSA-92xg-gmrq-5c3w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92xg-gmrq-5c3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30935?format=json","purl":"pkg:pypi/apache-airflow@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.1"}],"aliases":["BIT-airflow-2024-45034","CVE-2024-45034","GHSA-92xg-gmrq-5c3w","PYSEC-2024-212"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-8479-rbfq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9171?format=json","vulnerability_id":"VCID-xwza-guvs-83a9","summary":"Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39863","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6303","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39863"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58"},{"reference_url":"https://github.com/apache/airflow/pull/40475","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/"}],"url":"https://github.com/apache/airflow/pull/40475"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml"},{"reference_url":"https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/"}],"url":"https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/16/6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/07/16/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39863","reference_id":"CVE-2024-39863","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39863"},{"reference_url":"https://github.com/advisories/GHSA-j482-47xf-p25c","reference_id":"GHSA-j482-47xf-p25c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j482-47xf-p25c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30929?format=json","purl":"pkg:pypi/apache-airflow@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3"}],"aliases":["BIT-airflow-2024-39863","CVE-2024-39863","GHSA-j482-47xf-p25c","PYSEC-2024-189"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xwza-guvs-83a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9080?format=json","vulnerability_id":"VCID-yrx8-dtav-83av","summary":"Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27906","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16263","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27906"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b"},{"reference_url":"https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9"},{"reference_url":"https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7"},{"reference_url":"https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a"},{"reference_url":"https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326"},{"reference_url":"https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446"},{"reference_url":"https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24"},{"reference_url":"https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2"},{"reference_url":"https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4"},{"reference_url":"https://github.com/apache/airflow/pull/37290","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/"}],"url":"https://github.com/apache/airflow/pull/37290"},{"reference_url":"https://github.com/apache/airflow/pull/37468","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/"}],"url":"https://github.com/apache/airflow/pull/37468"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml"},{"reference_url":"https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/"}],"url":"https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/29/1","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/29/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27906","reference_id":"CVE-2024-27906","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27906"},{"reference_url":"https://github.com/advisories/GHSA-6v6w-h8m6-7mv2","reference_id":"GHSA-6v6w-h8m6-7mv2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6v6w-h8m6-7mv2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30912?format=json","purl":"pkg:pypi/apache-airflow@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-974g-7wsa-dqd7"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-k4r8-a72h-fkdf"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2"}],"aliases":["BIT-airflow-2024-27906","CVE-2024-27906","GHSA-6v6w-h8m6-7mv2","PYSEC-2024-245"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrx8-dtav-83av"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8927?format=json","vulnerability_id":"VCID-z5b8-kcbh-m7hr","summary":"Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.4.0 to 2.7.0.\n\nSensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).\n\nUsers are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46288","reference_id":"","reference_type":"","scores":[{"value":"0.00586","scoring_system":"epss","scoring_elements":"0.69398","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46288"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4a525e85e31b26d413c986c86d181114bb37bd06","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/4a525e85e31b26d413c986c86d181114bb37bd06"},{"reference_url":"https://github.com/apache/airflow/pull/32261","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T14:28:49Z/"}],"url":"https://github.com/apache/airflow/pull/32261"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-218.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-218.yaml"},{"reference_url":"https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T14:28:49Z/"}],"url":"https://lists.apache.org/thread/yw4vzm0c5lqkwm0bxv6qy03yfd1od4nw"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/17/10","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-11T14:28:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/17/10"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46288","reference_id":"CVE-2023-46288","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46288"},{"reference_url":"https://github.com/advisories/GHSA-9qqg-mh7c-chfq","reference_id":"GHSA-9qqg-mh7c-chfq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9qqg-mh7c-chfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30893?format=json","purl":"pkg:pypi/apache-airflow@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-2q7x-bua5-37h7"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-63fw-ggbk-9ycy"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-8npr-rvfd-jkfj"},{"vulnerability":"VCID-8ykk-1kak-6bfd"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-g9j4-fhpm-uuba"},{"vulnerability":"VCID-hgq2-kuex-y3a3"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-pmtw-nwnc-nyfw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-s49h-br5r-5yh8"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/30898?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1963-1kyn-2ban"},{"vulnerability":"VCID-1azm-hsvr-f3e8"},{"vulnerability":"VCID-4u8d-ezsr-sqcz"},{"vulnerability":"VCID-82p8-yujf-hkdd"},{"vulnerability":"VCID-8m3p-yzr8-yyhj"},{"vulnerability":"VCID-arbk-dryb-qkda"},{"vulnerability":"VCID-cxqa-pqca-pqgc"},{"vulnerability":"VCID-fctg-457f-4uae"},{"vulnerability":"VCID-hpf3-3z3m-6ydt"},{"vulnerability":"VCID-j6uh-kx6m-sydp"},{"vulnerability":"VCID-kb4a-mm13-63bj"},{"vulnerability":"VCID-mbgq-fq5n-kufh"},{"vulnerability":"VCID-nfbc-tutd-37bw"},{"vulnerability":"VCID-rysu-xhvt-yqda"},{"vulnerability":"VCID-tpjn-4kru-vucv"},{"vulnerability":"VCID-unq1-wwfg-6ydk"},{"vulnerability":"VCID-vras-f42j-xqfg"},{"vulnerability":"VCID-w8ff-8479-rbfq"},{"vulnerability":"VCID-xwza-guvs-83a9"},{"vulnerability":"VCID-yrx8-dtav-83av"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["BIT-airflow-2023-46288","CVE-2023-46288","GHSA-9qqg-mh7c-chfq","PYSEC-2023-218"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z5b8-kcbh-m7hr"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0rc5"}