Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/apache-airflow@2.11.1rc1
Typepypi
Namespace
Nameapache-airflow
Version2.11.1rc1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.0
Latest_non_vulnerable_version3.2.0
Affected_by_vulnerabilities
0
url VCID-2xr2-w3hk-auck
vulnerability_id VCID-2xr2-w3hk-auck
summary 
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.

Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
references
0
reference_url https://github.com/apache/airflow/pull/61641
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://github.com/apache/airflow/pull/61641
1
reference_url https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po
2
reference_url http://www.openwall.com/lists/oss-security/2026/04/17/9
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
url http://www.openwall.com/lists/oss-security/2026/04/17/9
fixed_packages
0
url pkg:pypi/apache-airflow@3.2.0
purl pkg:pypi/apache-airflow@3.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0
aliases CVE-2026-25917, PYSEC-2026-13
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2xr2-w3hk-auck
1
url VCID-91n6-evww-zybp
vulnerability_id VCID-91n6-evww-zybp
summary In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.
references
0
reference_url https://github.com/apache/airflow/pull/63028
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/apache/airflow/pull/63028
1
reference_url https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9
2
reference_url http://www.openwall.com/lists/oss-security/2026/04/17/5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url http://www.openwall.com/lists/oss-security/2026/04/17/5
fixed_packages
0
url pkg:pypi/apache-airflow@3.2.0
purl pkg:pypi/apache-airflow@3.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0
aliases CVE-2026-30912, PYSEC-2026-18
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-91n6-evww-zybp
2
url VCID-dh4r-77xc-cbas
vulnerability_id VCID-dh4r-77xc-cbas
summary 
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.

This issue affects Apache Airflow Sqoop Provider versions before 3.1.1.
references
0
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
url https://github.com/apache/airflow
1
reference_url https://github.com/apache/airflow/pull/29500
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://github.com/apache/airflow/pull/29500
2
reference_url https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-25693
reference_id CVE-2023-25693
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-25693
4
reference_url https://github.com/advisories/GHSA-j69x-v4wc-3fpf
reference_id GHSA-j69x-v4wc-3fpf
reference_type
scores
url https://github.com/advisories/GHSA-j69x-v4wc-3fpf
fixed_packages
0
url pkg:pypi/apache-airflow@3.1.1
purl pkg:pypi/apache-airflow@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b14-1bp2-gua6
1
vulnerability VCID-2xr2-w3hk-auck
2
vulnerability VCID-5hxx-r2d2-9ybk
3
vulnerability VCID-91n6-evww-zybp
4
vulnerability VCID-9j1n-cypf-p7g5
5
vulnerability VCID-etmw-7eq5-mqa2
6
vulnerability VCID-ezmu-8g1y-e3hz
7
vulnerability VCID-geg4-1kgh-akde
8
vulnerability VCID-hkwf-65vr-dkfz
9
vulnerability VCID-knrd-atwy-gubn
10
vulnerability VCID-snqz-3f8t-syhd
11
vulnerability VCID-t3ap-dzfp-1bd6
12
vulnerability VCID-tbb9-myv7-a7h4
13
vulnerability VCID-w56f-fmkf-dkfv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1
aliases CVE-2023-25693, GHSA-j69x-v4wc-3fpf, PYSEC-2023-314
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dh4r-77xc-cbas
3
url VCID-t3ap-dzfp-1bd6
vulnerability_id VCID-t3ap-dzfp-1bd6
summary 
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.

Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue
references
0
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
url https://github.com/apache/airflow
1
reference_url https://github.com/apache/airflow/pull/59688
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/apache/airflow/pull/59688
2
reference_url https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5
3
reference_url http://www.openwall.com/lists/oss-security/2026/01/15/6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url http://www.openwall.com/lists/oss-security/2026/01/15/6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-68675
reference_id CVE-2025-68675
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-68675
5
reference_url https://github.com/advisories/GHSA-7c2f-r6gc-h92h
reference_id GHSA-7c2f-r6gc-h92h
reference_type
scores
url https://github.com/advisories/GHSA-7c2f-r6gc-h92h
fixed_packages
0
url pkg:pypi/apache-airflow@2.11.1
purl pkg:pypi/apache-airflow@2.11.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2xr2-w3hk-auck
1
vulnerability VCID-91n6-evww-zybp
2
vulnerability VCID-dh4r-77xc-cbas
3
vulnerability VCID-t3ap-dzfp-1bd6
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1
1
url pkg:pypi/apache-airflow@3.1.6
purl pkg:pypi/apache-airflow@3.1.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2b14-1bp2-gua6
1
vulnerability VCID-2xr2-w3hk-auck
2
vulnerability VCID-5hxx-r2d2-9ybk
3
vulnerability VCID-91n6-evww-zybp
4
vulnerability VCID-9j1n-cypf-p7g5
5
vulnerability VCID-etmw-7eq5-mqa2
6
vulnerability VCID-geg4-1kgh-akde
7
vulnerability VCID-hkwf-65vr-dkfz
8
vulnerability VCID-knrd-atwy-gubn
9
vulnerability VCID-tbb9-myv7-a7h4
10
vulnerability VCID-w56f-fmkf-dkfv
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6
aliases CVE-2025-68675, GHSA-7c2f-r6gc-h92h, PYSEC-2026-10
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t3ap-dzfp-1bd6
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1rc1