Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/apache-airflow-providers-apache-spark@1.0.0rc1
Type pypi
Namespace
Name apache-airflow-providers-apache-spark
Version 1.0.0rc1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.3
Latest_non_vulnerable_version 4.1.3
Affected_by_vulnerabilities
0
url VCID-8k6a-fph5-pkad
vulnerability_id VCID-8k6a-fph5-pkad
summary Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider. This issue affects Apache Airflow Spark Provider: before 4.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-28710
reference_id
reference_type
scores
0
value 0.01884
scoring_system epss
scoring_elements 0.83482
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-28710
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/pull/30223
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:28:06Z/
url https://github.com/apache/airflow/pull/30223
3
reference_url https://lists.apache.org/thread/lb9w9114ow00h2nkn8bjm106v5x1p1d2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:28:06Z/
url https://lists.apache.org/thread/lb9w9114ow00h2nkn8bjm106v5x1p1d2
4
reference_url http://www.openwall.com/lists/oss-security/2023/04/07/3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-22T15:28:06Z/
url http://www.openwall.com/lists/oss-security/2023/04/07/3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-28710
reference_id CVE-2023-28710
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-28710
6
reference_url https://github.com/advisories/GHSA-ffj9-4crc-q7wf
reference_id GHSA-ffj9-4crc-q7wf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ffj9-4crc-q7wf
fixed_packages
0
url pkg:pypi/apache-airflow-providers-apache-spark@4.0.1
purl pkg:pypi/apache-airflow-providers-apache-spark@4.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-tue4-mras-u7ec
1
vulnerability VCID-vdqq-8m22-d3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-apache-spark@4.0.1
aliases CVE-2023-28710, GHSA-ffj9-4crc-q7wf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8k6a-fph5-pkad
1
url VCID-tue4-mras-u7ec
vulnerability_id VCID-tue4-mras-u7ec
summary
Deserialization of Untrusted Data, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Software Foundation Apache Airflow Spark Provider.

When the Apache Spark provider is installed on an Airflow deployment, an Airflow user who is authorized to configure Spark hooks can effectively run arbitrary code on the Airflow node by pointing it at a malicious Spark server. Prior to version 4.1.3, this was not called out explicitly in the documentation, so it is possible that administrators granted authorization to configure Spark hooks without taking this into account. We recommend that administrators review their configurations to make sure the authorization to configure Spark hooks is only provided to fully trusted users.

To view the warning in the docs, please visit https://airflow.apache.org/docs/apache-airflow-providers-apache-spark/4.1.3/connections/spark.html
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40195
reference_id
reference_type
scores
0
value 0.03032
scoring_system epss
scoring_elements 0.86891
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40195
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/commit/6850b5c777fa515e110ad1daa85242209a8ec6c0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow/commit/6850b5c777fa515e110ad1daa85242209a8ec6c0
3
reference_url https://github.com/apache/airflow/pull/33233
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:26Z/
url https://github.com/apache/airflow/pull/33233
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-apache-spark/PYSEC-2023-156.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow-providers-apache-spark/PYSEC-2023-156.yaml
5
reference_url https://lists.apache.org/thread/fzy95b1d6zv31j5wrx3znhzcscck2o24
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:26Z/
url https://lists.apache.org/thread/fzy95b1d6zv31j5wrx3znhzcscck2o24
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40195
reference_id CVE-2023-40195
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40195
7
reference_url https://github.com/advisories/GHSA-8q28-pw9g-w82c
reference_id GHSA-8q28-pw9g-w82c
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8q28-pw9g-w82c
fixed_packages
0
url pkg:pypi/apache-airflow-providers-apache-spark@4.1.3
purl pkg:pypi/apache-airflow-providers-apache-spark@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-apache-spark@4.1.3
aliases CVE-2023-40195, GHSA-8q28-pw9g-w82c, PYSEC-2023-156
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tue4-mras-u7ec
2
url VCID-vdqq-8m22-d3dy
vulnerability_id VCID-vdqq-8m22-d3dy
summary
Apache Airflow Spark Provider Improper Input Validation vulnerability
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection, giving an opportunity to read files on the Airflow server.
It is recommended to upgrade to a version that is not affected.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-40272
reference_id
reference_type
scores
0
value 0.00648
scoring_system epss
scoring_elements 0.71129
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-40272
1
reference_url https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:37:59Z/
url https://lists.apache.org/thread/t03gktyzyor20rh06okd91jtqmw6k1l7
2
reference_url http://www.openwall.com/lists/oss-security/2023/08/17/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:37:59Z/
url http://www.openwall.com/lists/oss-security/2023/08/17/1
3
reference_url http://www.openwall.com/lists/oss-security/2023/08/18/1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T19:37:59Z/
url http://www.openwall.com/lists/oss-security/2023/08/18/1
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-40272
reference_id CVE-2023-40272
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-40272
5
reference_url https://github.com/advisories/GHSA-r2f6-6928-fh8f
reference_id GHSA-r2f6-6928-fh8f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r2f6-6928-fh8f
fixed_packages
0
url pkg:pypi/apache-airflow-providers-apache-spark@4.1.3
purl pkg:pypi/apache-airflow-providers-apache-spark@4.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-apache-spark@4.1.3
aliases CVE-2023-40272, GHSA-r2f6-6928-fh8f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdqq-8m22-d3dy
3
url VCID-y76t-bjep-43fd
vulnerability_id VCID-y76t-bjep-43fd
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-40954
reference_id
reference_type
scores
0
value 0.01131
scoring_system epss
scoring_elements 0.78639
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-40954
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/pull/27646
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:49:57Z/
url https://github.com/apache/airflow/pull/27646
3
reference_url https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:49:57Z/
url https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-40954
reference_id CVE-2022-40954
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-40954
5
reference_url https://github.com/advisories/GHSA-45r6-j3cc-6mxx
reference_id GHSA-45r6-j3cc-6mxx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-45r6-j3cc-6mxx
fixed_packages
0
url pkg:pypi/apache-airflow-providers-apache-spark@4.0.0
purl pkg:pypi/apache-airflow-providers-apache-spark@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8k6a-fph5-pkad
1
vulnerability VCID-tue4-mras-u7ec
2
vulnerability VCID-vdqq-8m22-d3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-apache-spark@4.0.0
aliases CVE-2022-40954, GHSA-45r6-j3cc-6mxx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y76t-bjep-43fd
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-apache-spark@1.0.0rc1