{"url":"http://public2.vulnerablecode.io/api/packages/53482?format=json","purl":"pkg:pypi/apache-airflow@1.10.2rc1","type":"pypi","namespace":"","name":"apache-airflow","version":"1.10.2rc1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.12.0","latest_non_vulnerable_version":"3.2.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/132652?format=json","vulnerability_id":"VCID-168u-zs7t-pqdf","summary":"Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow.\n\nSensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend\nNote: the vulnerability is about the information exposed in the logs not about accessing the logs.\n\nThis issue affects Apache Airflow Celery provider: from 3.3.0 through 3.4.0; Apache Airflow: from 1.10.0 through 2.6.3.\n\nUsers are recommended to upgrade Airflow Celery provider to version 3.4.1 and Apache Airlfow to version 2.7.0 which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46215","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41143","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.4131","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46215"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46215","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46215"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/10/28/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/10/28/1"},{"reference_url":"https://github.com/apache/airflow/pull/34954","reference_id":"34954","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/"}],"url":"https://github.com/apache/airflow/pull/34954"},{"reference_url":"https://github.com/advisories/GHSA-666g-rfc5-c9jv","reference_id":"GHSA-666g-rfc5-c9jv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-666g-rfc5-c9jv"},{"reference_url":"https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n","reference_id":"wm1jfmks7r6m7bj0mq4lmw3998svn46n","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-09T14:33:38Z/"}],"url":"https://lists.apache.org/thread/wm1jfmks7r6m7bj0mq4lmw3998svn46n"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30665?format=json","purl":"pkg:pypi/apache-airflow@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-86v6-qrfj-9fdb"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0"}],"aliases":["CVE-2023-46215","GHSA-666g-rfc5-c9jv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-168u-zs7t-pqdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57113?format=json","vulnerability_id":"VCID-1fke-agqs-bkd1","summary":"Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link.\nUsers should upgrade to 2.10.0 or later, which fixes this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41937","reference_id":"","reference_type":"","scores":[{"value":"0.01137","scoring_system":"epss","scoring_elements":"0.78868","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01137","scoring_system":"epss","scoring_elements":"0.78802","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41937"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f1852c2ab28b155e196569780013fbb61a4a1f98"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-181.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/08/21/3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/08/21/3"},{"reference_url":"https://github.com/apache/airflow/pull/40933","reference_id":"40933","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/"}],"url":"https://github.com/apache/airflow/pull/40933"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41937","reference_id":"CVE-2024-41937","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-41937"},{"reference_url":"https://github.com/advisories/GHSA-w7cp-g8v7-r54m","reference_id":"GHSA-w7cp-g8v7-r54m","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7cp-g8v7-r54m"},{"reference_url":"https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d","reference_id":"lwlmgg6hqfmkpvw5py4w53hxyl37jl6d","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T13:36:00Z/"}],"url":"https://lists.apache.org/thread/lwlmgg6hqfmkpvw5py4w53hxyl37jl6d"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33067?format=json","purl":"pkg:pypi/apache-airflow@2.10.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u7dn-13j9-jkex"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.0"}],"aliases":["BIT-airflow-2024-41937","CVE-2024-41937","GHSA-w7cp-g8v7-r54m","PYSEC-2024-181"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1fke-agqs-bkd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/147952?format=json","vulnerability_id":"VCID-2r7f-dzef-dfcs","summary":"We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. \n\nApache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. \n\nUsers should upgrade to version 2.7.3 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47037","reference_id":"","reference_type":"","scores":[{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.2456","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00084","scoring_system":"epss","scoring_elements":"0.24365","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-47037"},{"reference_url":"https://github.com/advisories/GHSA-hm9r-7f84-25c9","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hm9r-7f84-25c9"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad"},{"reference_url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-232.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47037","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47037"},{"reference_url":"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0","reference_id":"04y4vrw1t2xl030gswtctc4nt1w90cb0","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/"}],"url":"https://lists.apache.org/thread/04y4vrw1t2xl030gswtctc4nt1w90cb0"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/12/1","reference_id":"1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/12/1"},{"reference_url":"https://github.com/apache/airflow/pull/33413","reference_id":"33413","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:19:46Z/"}],"url":"https://github.com/apache/airflow/pull/33413"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74342?format=json","purl":"pkg:pypi/apache-airflow@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3"}],"aliases":["BIT-airflow-2023-47037","CVE-2023-47037","GHSA-hm9r-7f84-25c9","PYSEC-2023-232"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2r7f-dzef-dfcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/138883?format=json","vulnerability_id":"VCID-2urm-nyak-63ew","summary":"Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests, leading to a denial of service (DoS) condition on the server. Furthermore, malicious actors can leverage this vulnerability to establish harmful connections with the server.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability. Additionally, administrators are encouraged to review and adjust user permissions to restrict access to sensitive functionalities, reducing the attack surface.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37379","reference_id":"","reference_type":"","scores":[{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40769","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00189","scoring_system":"epss","scoring_elements":"0.40601","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-37379"},{"reference_url":"https://github.com/advisories/GHSA-x2mh-8fmc-rqgh","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x2mh-8fmc-rqgh"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/e4c3ecf8ceaefa17525b495e4bcb5b2f41309603"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-152.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37379","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37379"},{"reference_url":"https://github.com/apache/airflow/pull/32052","reference_id":"32052","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/"}],"url":"https://github.com/apache/airflow/pull/32052"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/08/23/4","reference_id":"4","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/08/23/4"},{"reference_url":"https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r","reference_id":"g5c9vcn27lr14go48thrjpo6f4vw571r","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:30:43Z/"}],"url":"https://lists.apache.org/thread/g5c9vcn27lr14go48thrjpo6f4vw571r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74333?format=json","purl":"pkg:pypi/apache-airflow@2.7.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/30665?format=json","purl":"pkg:pypi/apache-airflow@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-86v6-qrfj-9fdb"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0"}],"aliases":["BIT-airflow-2023-37379","CVE-2023-37379","GHSA-x2mh-8fmc-rqgh","PYSEC-2023-152"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2urm-nyak-63ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146652?format=json","vulnerability_id":"VCID-2w8y-kxer-s7e2","summary":"Apache Airflow, versions before 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommended to upgrade to version 2.8.1, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50944","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.35007","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34828","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50944"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8d76538d6e105947272b000581c6fabec20146b1"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-14.yaml"},{"reference_url":"https://github.com/apache/airflow/pull/36257","reference_id":"36257","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/"}],"url":"https://github.com/apache/airflow/pull/36257"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/24/5","reference_id":"5","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/01/24/5"},{"reference_url":"https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h","reference_id":"92krb5mpcq8qrw4t4j5oooqw7hgd8q7h","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T15:48:59Z/"}],"url":"https://lists.apache.org/thread/92krb5mpcq8qrw4t4j5oooqw7hgd8q7h"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50944","reference_id":"CVE-2023-50944","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50944"},{"reference_url":"https://github.com/advisories/GHSA-vm5m-qmrx-fw8w","reference_id":"GHSA-vm5m-qmrx-fw8w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vm5m-qmrx-fw8w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28561?format=json","purl":"pkg:pypi/apache-airflow@2.8.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/29452?format=json","purl":"pkg:pypi/apache-airflow@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1"}],"aliases":["BIT-airflow-2023-50944","CVE-2023-50944","GHSA-vm5m-qmrx-fw8w","PYSEC-2024-14"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w8y-kxer-s7e2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205058?format=json","vulnerability_id":"VCID-3dmy-j4pr-3kb6","summary":"Multiple stored XSS in RBAC Admin screens in Apache Airflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11983","reference_id":"","reference_type":"","scores":[{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61931","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00411","scoring_system":"epss","scoring_elements":"0.61831","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11983"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-17.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-17.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11983","reference_id":"CVE-2020-11983","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11983"},{"reference_url":"https://github.com/advisories/GHSA-q4p3-qw5c-mhpc","reference_id":"GHSA-q4p3-qw5c-mhpc","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q4p3-qw5c-mhpc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16771?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/16769?format=json","purl":"pkg:pypi/apache-airflow@1.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11"}],"aliases":["BIT-airflow-2020-11983","CVE-2020-11983","GHSA-q4p3-qw5c-mhpc","PYSEC-2020-17"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3dmy-j4pr-3kb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218105?format=json","vulnerability_id":"VCID-3ep8-xwyq-q7d9","summary":"Improper Access Control on Configurations Endpoint for the Stable API of Apache Airflow allows users with Viewer or User role to get Airflow Configurations including sensitive information even when `[webserver] expose_config` is set to `False` in `airflow.cfg`. This allowed a privilege escalation attack. This issue affects Apache Airflow 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26559","reference_id":"","reference_type":"","scores":[{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68636","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00557","scoring_system":"epss","scoring_elements":"0.68728","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26559"},{"reference_url":"https://github.com/advisories/GHSA-ffw3-6mp6-jmvj","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ffw3-6mp6-jmvj"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/blob/486b76438c0679682cf98cb88ed39c4b161cbcc8/CHANGELOG.txt","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/blob/486b76438c0679682cf98cb88ed39c4b161cbcc8/CHANGELOG.txt"},{"reference_url":"https://github.com/apache/airflow/commit/3909232fafd09ac72b49010ecdfd6ea48f06d5cf","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/3909232fafd09ac72b49010ecdfd6ea48f06d5cf"},{"reference_url":"https://github.com/apache/airflow/commit/5e35926c7eda0dfa11a9623e4bf5f60c2bd6b3f6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/5e35926c7eda0dfa11a9623e4bf5f60c2bd6b3f6"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-2.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3b3787700279ec361308cbefb7c2cce2acb26891a12ce864e4a13c8d%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd142565996d7ee847b9c14b8a9921dcf80bc6bc160e3d9dca6dfc2f8@%3Cannounce.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26559","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26559"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/02/17/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/02/17/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62487?format=json","purl":"pkg:pypi/apache-airflow@2.0.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/62489?format=json","purl":"pkg:pypi/apache-airflow@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1"}],"aliases":["BIT-airflow-2021-26559","CVE-2021-26559","GHSA-ffw3-6mp6-jmvj","PYSEC-2021-2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ep8-xwyq-q7d9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203498?format=json","vulnerability_id":"VCID-3mcw-4t4r-kfhy","summary":"Apache Airflow vulnerable to CSRF Attacks","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0229","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.5975","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59859","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0229"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-215.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-215.yaml"},{"reference_url":"https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://web.archive.org/web/20200227081055/http://www.securityfocus.com/bid/107869","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227081055/http://www.securityfocus.com/bid/107869"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/10/6","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/10/6"},{"reference_url":"http://www.securityfocus.com/bid/107869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107869"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0229","reference_id":"CVE-2019-0229","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0229"},{"reference_url":"https://github.com/advisories/GHSA-w6j4-3gh2-9f5j","reference_id":"GHSA-w6j4-3gh2-9f5j","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w6j4-3gh2-9f5j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53962?format=json","purl":"pkg:pypi/apache-airflow@1.10.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-3mcw-4t4r-kfhy"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8fh5-c62g-g3ej"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qbvb-qhyc-nbdp"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-uj57-9mwj-xueb"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z7ws-c1xv-cybz"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3b1"},{"url":"http://public2.vulnerablecode.io/api/packages/15147?format=json","purl":"pkg:pypi/apache-airflow@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8fh5-c62g-g3ej"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qbvb-qhyc-nbdp"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-uj57-9mwj-xueb"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3"}],"aliases":["CVE-2019-0229","GHSA-w6j4-3gh2-9f5j","PYSEC-2019-215"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3mcw-4t4r-kfhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56829?format=json","vulnerability_id":"VCID-4e1s-kjwm-4ffg","summary":"Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50378","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5269","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52562","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-50378"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50378","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-50378"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/11/08/5","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/11/08/5"},{"reference_url":"https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb","reference_id":"17rxys384lzfd6nhm3fztzgvk47zy7jb","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/"}],"url":"https://lists.apache.org/thread/17rxys384lzfd6nhm3fztzgvk47zy7jb"},{"reference_url":"https://github.com/apache/airflow/pull/43123","reference_id":"43123","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-08T17:21:41Z/"}],"url":"https://github.com/apache/airflow/pull/43123"},{"reference_url":"https://github.com/advisories/GHSA-j857-2pwm-jjmm","reference_id":"GHSA-j857-2pwm-jjmm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-j857-2pwm-jjmm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74370?format=json","purl":"pkg:pypi/apache-airflow@2.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3"}],"aliases":["CVE-2024-50378","GHSA-j857-2pwm-jjmm"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4e1s-kjwm-4ffg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/88341?format=json","vulnerability_id":"VCID-4n4v-jv1f-1bgk","summary":"The example example_xcom that was included in airflow documentation implemented unsafe pattern of reading value\nfrom xcom in the way that could be exploited to allow UI user who had access to modify XComs to perform arbitrary\nexecution of code on the worker. Since the UI users are already highly trusted, this is a Low severity vulnerability.\n\nIt does not affect Airflow release - example_dags are not supposed to be enabled in production environment, however\nusers following the example could replicate the bad pattern. Documentation of Airflow 3.2.0 contains version of\nthe example with improved resiliance for that case.\n\nUsers who followed that pattern are advised to adjust their implementations accordingly.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54550","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1733","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17493","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54550"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54550","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-54550"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/15/1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/15/1"},{"reference_url":"https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1","reference_id":"3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T11:56:37Z/"}],"url":"https://lists.apache.org/thread/3mf4cfx070ofsnf9qy0s2v5gqb5sc2g1"},{"reference_url":"https://github.com/apache/airflow/pull/63200","reference_id":"63200","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-16T11:56:37Z/"}],"url":"https://github.com/apache/airflow/pull/63200"},{"reference_url":"https://github.com/advisories/GHSA-q2hg-643c-gw8h","reference_id":"GHSA-q2hg-643c-gw8h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q2hg-643c-gw8h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92193?format=json","purl":"pkg:pypi/apache-airflow@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-7nmp-wvjt-5qcd"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-r4gm-ygr6-4ffs"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-y78u-y824-afc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0"}],"aliases":["CVE-2025-54550","GHSA-q2hg-643c-gw8h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4n4v-jv1f-1bgk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/174009?format=json","vulnerability_id":"VCID-4q46-3648-ckaq","summary":"A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40127","reference_id":"","reference_type":"","scores":[{"value":"0.93305","scoring_system":"epss","scoring_elements":"0.99818","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40127"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/372e699c2d1e11f7087b5340454d0a0a6a56fbf5","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/372e699c2d1e11f7087b5340454d0a0a6a56fbf5"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42982.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42982.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/14/2","reference_id":"2","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/14/2"},{"reference_url":"https://github.com/apache/airflow/pull/25960","reference_id":"25960","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/"}],"url":"https://github.com/apache/airflow/pull/25960"},{"reference_url":"https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy","reference_id":"cf132hgm6jvzvsbpsozl3plf1r4cwysy","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-30T18:58:19Z/"}],"url":"https://lists.apache.org/thread/cf132hgm6jvzvsbpsozl3plf1r4cwysy"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40127","reference_id":"CVE-2022-40127","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40127"},{"reference_url":"https://github.com/advisories/GHSA-6pw3-8h9w-32gc","reference_id":"GHSA-6pw3-8h9w-32gc","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6pw3-8h9w-32gc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27853?format=json","purl":"pkg:pypi/apache-airflow@2.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.0"}],"aliases":["BIT-airflow-2022-40127","CVE-2022-40127","GHSA-6pw3-8h9w-32gc","PYSEC-2022-42982"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4q46-3648-ckaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32633?format=json","vulnerability_id":"VCID-668v-1v1b-9bf2","summary":"Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. \n\nAirflow did not return \"Cache-Control\" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser.\n\nThis issue affects Apache Airflow: before 2.9.2.\n\nUsers are recommended to upgrade to version 2.9.2, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25142","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27769","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.27568","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25142"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/94eb647de692a4d9555b02dce85974da5d4c04e3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-195.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/06/13/1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/06/13/1"},{"reference_url":"https://github.com/apache/airflow/pull/39550","reference_id":"39550","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:05:59Z/"}],"url":"https://github.com/apache/airflow/pull/39550"},{"reference_url":"https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr","reference_id":"cg1j28lk0fhzthk0of1g7vy7p2n1j7nr","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-14T18:05:59Z/"}],"url":"https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25142","reference_id":"CVE-2024-25142","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25142"},{"reference_url":"https://github.com/advisories/GHSA-9xpj-62mm-24h2","reference_id":"GHSA-9xpj-62mm-24h2","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9xpj-62mm-24h2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32199?format=json","purl":"pkg:pypi/apache-airflow@2.9.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.2"}],"aliases":["BIT-airflow-2024-25142","CVE-2024-25142","GHSA-9xpj-62mm-24h2","PYSEC-2024-195"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-668v-1v1b-9bf2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218082?format=json","vulnerability_id":"VCID-6a87-cq75-3ubt","summary":"In Airflow versions prior to 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17511","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65898","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65994","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17511"},{"reference_url":"https://github.com/advisories/GHSA-cvcq-gmc3-q6m8","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cvcq-gmc3-q6m8"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4e32546faf227a6497ce8b282fff7450cae6f665","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/4e32546faf227a6497ce8b282fff7450cae6f665"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-262.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-262.yaml"},{"reference_url":"https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ree782a29d927b96bf0b39fb92e2f1f09ea3112a985f7a08ce93765ac%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17511","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"},{"value":"2.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17511"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61831?format=json","purl":"pkg:pypi/apache-airflow@1.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13"}],"aliases":["BIT-airflow-2020-17511","CVE-2020-17511","GHSA-cvcq-gmc3-q6m8","PYSEC-2020-262"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6a87-cq75-3ubt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205060?format=json","vulnerability_id":"VCID-6jcy-9yty-w3gv","summary":"Command injection via Celery broker in Apache Airflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11981","reference_id":"","reference_type":"","scores":[{"value":"0.91588","scoring_system":"epss","scoring_elements":"0.99691","published_at":"2026-06-11T12:55:00Z"},{"value":"0.91588","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11981"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/1dda6fdde7c6bcaf0d6534786beeeba868006dd2"},{"reference_url":"https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/afa4b11fddfdbadb048f742cf66d5c21c675a5c8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-15.yaml"},{"reference_url":"https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20220427031325/https://issues.apache.org/jira/browse/AIRFLOW-6351"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11981","reference_id":"CVE-2020-11981","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11981"},{"reference_url":"https://github.com/advisories/GHSA-976r-qfjj-c24w","reference_id":"GHSA-976r-qfjj-c24w","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-976r-qfjj-c24w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16771?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"}],"aliases":["BIT-airflow-2020-11981","CVE-2020-11981","GHSA-976r-qfjj-c24w","PYSEC-2020-15"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jcy-9yty-w3gv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218375?format=json","vulnerability_id":"VCID-6smg-qne8-hfgj","summary":"Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nThis is a missing fix for CVE-2023-42792 in Apache Airflow 2.7.2 \n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.8.0 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48291","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25634","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25833","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-48291"},{"reference_url":"https://github.com/advisories/GHSA-8f57-wcmg-4jmh","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8f57-wcmg-4jmh"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/4f1b500c47813c54349b7d3e48df0a444fb4826c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-265.yaml"},{"reference_url":"https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/3nl0h014274yjlt1hd02z0q78ftyz0z3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48291","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48291"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29828?format=json","purl":"pkg:pypi/apache-airflow@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0"}],"aliases":["BIT-airflow-2023-48291","CVE-2023-48291","GHSA-8f57-wcmg-4jmh","PYSEC-2023-265"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6smg-qne8-hfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218081?format=json","vulnerability_id":"VCID-6vhk-pt43-nqbd","summary":"The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue completely.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17515","reference_id":"","reference_type":"","scores":[{"value":"0.10185","scoring_system":"epss","scoring_elements":"0.93296","published_at":"2026-06-11T12:55:00Z"},{"value":"0.10185","scoring_system":"epss","scoring_elements":"0.93318","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17515"},{"reference_url":"https://github.com/advisories/GHSA-86vp-x3pr-79rx","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-86vp-x3pr-79rx"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/13336272e32872247fa7d17e964ccd88ec8d1376","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/13336272e32872247fa7d17e964ccd88ec8d1376"},{"reference_url":"https://github.com/apache/airflow/commit/409c249121bd9c8902fc2ba551b21873ab41f953","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/409c249121bd9c8902fc2ba551b21873ab41f953"},{"reference_url":"https://github.com/apache/airflow/commit/7486153f451e4d2bb1c6fd9cbb5a63430157c99c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/7486153f451e4d2bb1c6fd9cbb5a63430157c99c"},{"reference_url":"https://github.com/apache/airflow/commit/ab8c55878e3e4257d2276226cb17b047ba856686","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/ab8c55878e3e4257d2276226cb17b047ba856686"},{"reference_url":"https://github.com/apache/airflow/commit/c6369beed53d41c0a70415b0d958bf0604124ad7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/c6369beed53d41c0a70415b0d958bf0604124ad7"},{"reference_url":"https://github.com/apache/airflow/pull/14738","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/14738"},{"reference_url":"https://github.com/apache/airflow/releases/tag/1.10.15","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/releases/tag/1.10.15"},{"reference_url":"https://github.com/apache/airflow/releases/tag/2.0.2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/releases/tag/2.0.2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-21.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-21.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17515","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17515"},{"reference_url":"https://pypi.org/project/apache-airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://pypi.org/project/apache-airflow"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/11/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/12/11/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61831?format=json","purl":"pkg:pypi/apache-airflow@1.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13"},{"url":"http://public2.vulnerablecode.io/api/packages/62479?format=json","purl":"pkg:pypi/apache-airflow@1.10.15rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/64215?format=json","purl":"pkg:pypi/apache-airflow@2.0.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2rc1"}],"aliases":["BIT-airflow-2020-17515","CVE-2020-17515","GHSA-86vp-x3pr-79rx","PYSEC-2020-21"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6vhk-pt43-nqbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150346?format=json","vulnerability_id":"VCID-6ywu-aujt-dfbz","summary":"The session fixation vulnerability allowed the authenticated user to continue accessing Airflow webserver even after the password of the user has been reset by the admin - up until the expiry of the session of the user. Other than manually cleaning the session database (for database session backend), or changing the secure_key and restarting the webserver, there were no mechanisms to force-logout the user (and all other users with that).\n\nWith this fix implemented, when using the database session backend, the existing sessions of the user are invalidated when the password of the user is reset. When using the securecookie session backend, the sessions are NOT invalidated and still require changing the secure key and restarting the webserver (and logging out all other users), but the user resetting the password is informed about it with a flash message warning displayed in the UI. Documentation is also updated explaining this behaviour.\n\nUsers of Apache Airflow are advised to upgrade to version 2.7.0 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40273","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51267","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51398","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40273"},{"reference_url":"https://github.com/advisories/GHSA-pm87-24wq-r8w9","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pm87-24wq-r8w9"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2caa186935151683076b74357daad83d2538a3f6"},{"reference_url":"https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f5d8201ea7935d17cecaf25fc90d4ef0ccdd627b"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-158.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40273","reference_id":"","reference_type":"","scores":[{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40273"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/08/23/1","reference_id":"1","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/"}],"url":"https://www.openwall.com/lists/oss-security/2023/08/23/1"},{"reference_url":"https://github.com/apache/airflow/pull/33347","reference_id":"33347","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/"}],"url":"https://github.com/apache/airflow/pull/33347"},{"reference_url":"https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj","reference_id":"9rdmv8ln4y4ncbyrlmjrsj903x4l80nj","reference_type":"","scores":[{"value":"8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-27T20:28:46Z/"}],"url":"https://lists.apache.org/thread/9rdmv8ln4y4ncbyrlmjrsj903x4l80nj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74335?format=json","purl":"pkg:pypi/apache-airflow@2.7.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0rc2"},{"url":"http://public2.vulnerablecode.io/api/packages/74336?format=json","purl":"pkg:pypi/apache-airflow@2.7.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-86v6-qrfj-9fdb"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1rc1"}],"aliases":["BIT-airflow-2023-40273","CVE-2023-40273","GHSA-pm87-24wq-r8w9","PYSEC-2023-158"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ywu-aujt-dfbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218134?format=json","vulnerability_id":"VCID-7ujj-9jbc-jfes","summary":"The \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28359","reference_id":"","reference_type":"","scores":[{"value":"0.02558","scoring_system":"epss","scoring_elements":"0.85833","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02558","scoring_system":"epss","scoring_elements":"0.85883","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28359"},{"reference_url":"https://github.com/advisories/GHSA-3xxv-p78r-4fc6","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3xxv-p78r-4fc6"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28359","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28359"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62480?format=json","purl":"pkg:pypi/apache-airflow@1.10.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.15"},{"url":"http://public2.vulnerablecode.io/api/packages/64216?format=json","purl":"pkg:pypi/apache-airflow@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2"}],"aliases":["BIT-airflow-2021-28359","CVE-2021-28359","GHSA-3xxv-p78r-4fc6","PYSEC-2021-4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ujj-9jbc-jfes"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/91248?format=json","vulnerability_id":"VCID-881f-vbac-rucw","summary":"When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values (such as secrets), they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. \n\nThe issue has been fixed in Airflow 3.1.4 and 2.11.1, and users are strongly advised to upgrade to prevent potential disclosure of sensitive information.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65995","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03604","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03589","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-65995"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/12/12/2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/12/12/2"},{"reference_url":"https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2","reference_id":"1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/"}],"url":"https://lists.apache.org/thread/1qzlrjo2wmlzs0rrgzgslj2pzkor0dr2"},{"reference_url":"https://github.com/apache/airflow/pull/58252","reference_id":"58252","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/"}],"url":"https://github.com/apache/airflow/pull/58252"},{"reference_url":"https://github.com/apache/airflow/pull/61883","reference_id":"61883","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-23T15:47:06Z/"}],"url":"https://github.com/apache/airflow/pull/61883"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65995","reference_id":"CVE-2025-65995","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65995"},{"reference_url":"https://github.com/advisories/GHSA-gfw7-2v73-69wg","reference_id":"GHSA-gfw7-2v73-69wg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gfw7-2v73-69wg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37835?format=json","purl":"pkg:pypi/apache-airflow@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/39492?format=json","purl":"pkg:pypi/apache-airflow@3.1.5rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5r2q-cc18-v7cx"},{"vulnerability":"VCID-7q3b-su3j-y7b4"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-ap8j-6689-kfgd"},{"vulnerability":"VCID-bftx-1hw8-z7f1"},{"vulnerability":"VCID-bkwd-x3qh-57ga"},{"vulnerability":"VCID-bva2-dpg3-m7hv"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f41w-9d6d-wbgf"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-srr5-3rxv-rkg8"},{"vulnerability":"VCID-szqt-j7av-dqde"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-typh-t13h-w3g1"},{"vulnerability":"VCID-u2bm-499h-2qfh"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-yvkr-2un4-cyfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.5rc1"}],"aliases":["CVE-2025-65995","GHSA-gfw7-2v73-69wg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-881f-vbac-rucw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80377?format=json","vulnerability_id":"VCID-8aa5-hyy9-e3f1","summary":"A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `KeycloakAuthManager` did not actually reach the underlying `revoke_token()` call, so the JWT remained accepted by the API server until its natural expiry. An attacker holding a previously-issued JWT for a logged-out user could continue to make authenticated API calls as that user. Affects deployments configured with `FabAuthManager` or `KeycloakAuthManager` (the bug does not affect SimpleAuthManager). This is a residual gap in the fix for CVE-2025-57735, which addressed cookie-side invalidation in PR #57992 / PR #61339 but did not cover the provider-side `revoke_token()` reachability in the FAB / Keycloak code paths. Users who already upgraded for CVE-2025-57735 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the FAB / Keycloak logout paths.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48726","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13639","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13757","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-48726"},{"reference_url":"https://lists.apache.org/thread/630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx","reference_id":"630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:03:20Z/"}],"url":"https://lists.apache.org/thread/630jg4z6cjkv4m2yv2ljgmf1zhdj1vqx"},{"reference_url":"https://github.com/apache/airflow/pull/67289","reference_id":"67289","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:03:20Z/"}],"url":"https://github.com/apache/airflow/pull/67289"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-57735","reference_id":"CVERecord?id=CVE-2025-57735","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:03:20Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-57735"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93948?format=json","purl":"pkg:pypi/apache-airflow@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2"}],"aliases":["BIT-airflow-2026-48726","CVE-2026-48726","PYSEC-2026-187"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8aa5-hyy9-e3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204293?format=json","vulnerability_id":"VCID-8fh5-c62g-g3ej","summary":"Apache Airflow vulnerable to XSS and local file disclosure","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12417","reference_id":"","reference_type":"","scores":[{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73559","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00745","scoring_system":"epss","scoring_elements":"0.73485","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12417"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/caf1f264b845153b9a61b00b1a57acb7c320e743","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/caf1f264b845153b9a61b00b1a57acb7c320e743"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-216.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-216.yaml"},{"reference_url":"https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f3aa5ff9c7cdb5424b6463c9013f6cf5db83d26c66ea77130cbbe1bc@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12417","reference_id":"CVE-2019-12417","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12417"},{"reference_url":"https://github.com/advisories/GHSA-q3p4-gw7r-wqjc","reference_id":"GHSA-q3p4-gw7r-wqjc","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q3p4-gw7r-wqjc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55732?format=json","purl":"pkg:pypi/apache-airflow@1.10.6rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.6rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/60172?format=json","purl":"pkg:pypi/apache-airflow@1.10.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.6"}],"aliases":["CVE-2019-12417","GHSA-q3p4-gw7r-wqjc","PYSEC-2019-216"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8fh5-c62g-g3ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/137900?format=json","vulnerability_id":"VCID-8gmn-hbp1-4kbt","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35908","reference_id":"","reference_type":"","scores":[{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.4392","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00212","scoring_system":"epss","scoring_elements":"0.43764","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-35908"},{"reference_url":"https://github.com/advisories/GHSA-2h84-3crq-vgfj","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2h84-3crq-vgfj"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/ac65b82eeeeaa670e09a83c7da65cbac7e89f8db"},{"reference_url":"https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/c78e16588ee399f6eaf60425eb1ad7fa6d3fe352"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-119.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35908","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35908"},{"reference_url":"https://github.com/apache/airflow/pull/32014","reference_id":"32014","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/"}],"url":"https://github.com/apache/airflow/pull/32014"},{"reference_url":"https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw","reference_id":"vsflptk5dt30vrfggn96nx87d7zr6yvw","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:43:45Z/"}],"url":"https://lists.apache.org/thread/vsflptk5dt30vrfggn96nx87d7zr6yvw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74332?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-35908","CVE-2023-35908","GHSA-2h84-3crq-vgfj","PYSEC-2023-119"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gmn-hbp1-4kbt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42322?format=json","vulnerability_id":"VCID-8ze1-k1e3-huhc","summary":"DAG Author (who already has quite a lot of permissions) could manipulate database of Airflow 2 in the way to execute arbitrary code in the web-server context, which they should normally not be able to do, leading to potentially remote code execution in the context of web-server (server-side) as a result of a user viewing historical task information.\n\nThe functionality responsible for that (log template history) has been disabled by default in 2.11.1 and users should upgrade to Airflow 3 if they want to continue to use log template history. They can also manually modify historical log file names if they want to see historical logs that were generated before the last log template change.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56373","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11807","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11891","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-56373"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/23/3","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/23/3"},{"reference_url":"https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy","reference_id":"2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:43Z/"}],"url":"https://lists.apache.org/thread/2vrmrhcht6g7cp5yjxpnrk2wtrncm6cy"},{"reference_url":"https://github.com/apache/airflow/pull/61880","reference_id":"61880","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:43Z/"}],"url":"https://github.com/apache/airflow/pull/61880"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56373","reference_id":"CVE-2024-56373","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56373"},{"reference_url":"https://github.com/advisories/GHSA-r837-hpv7-pc2f","reference_id":"GHSA-r837-hpv7-pc2f","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r837-hpv7-pc2f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37835?format=json","purl":"pkg:pypi/apache-airflow@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1"}],"aliases":["CVE-2024-56373","GHSA-r837-hpv7-pc2f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ze1-k1e3-huhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217942?format=json","vulnerability_id":"VCID-9fm3-h4pj-6kac","summary":"In Apache Airflow < 1.10.12, the \"origin\" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13944","reference_id":"","reference_type":"","scores":[{"value":"0.17227","scoring_system":"epss","scoring_elements":"0.95174","published_at":"2026-06-11T12:55:00Z"},{"value":"0.17227","scoring_system":"epss","scoring_elements":"0.9519","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13944"},{"reference_url":"https://github.com/advisories/GHSA-4pwq-fj89-6rjc","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4pwq-fj89-6rjc"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/5c2bb7b0b0e717b11f093910b443243330ad93ca","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/5c2bb7b0b0e717b11f093910b443243330ad93ca"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-19.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-19.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r2892ef594dbbf54d0939b808626f52f7c2d1584f8aa1d81570847d2a@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r4656959c8ed06c1f6202d89aa4e67b35ad7bdba5a666caff3fea888e@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r97e1b60ca508a86be58c43f405c0c8ff00ba467ba0bee68704ae7e3e%40%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13944","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13944"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/11/2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/12/11/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60731?format=json","purl":"pkg:pypi/apache-airflow@1.10.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.12"}],"aliases":["BIT-airflow-2020-13944","CVE-2020-13944","GHSA-4pwq-fj89-6rjc","PYSEC-2020-19"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fm3-h4pj-6kac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70597?format=json","vulnerability_id":"VCID-9y7c-yxq4-f7ha","summary":"A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking (e.g. nested `password` / `token` / `secret` / `api_key` keys inside a JSON template structure) to be bypassed when the rendered field exceeded `[core] max_templated_field_length`: Airflow stringified the structure before redaction, losing the nested key context, and persisted the plaintext value into `rendered_fields`. An authenticated UI/API user with permission to read rendered template fields could harvest secret values intended to be masked. Affects deployments where Dag authors pass structured JSON to operators with nested sensitive keys. This is a variant of `CWE-200` previously addressed for the user-registered `mask_secret()` patterns in CVE-2025-68438; that fix did not cover the nested sensitive-keyword allowlist. Users who already upgraded for CVE-2025-68438 should additionally upgrade to `apache-airflow` 3.2.2 or later to cover the nested-key path.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42360","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12918","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.13013","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42360"},{"reference_url":"https://github.com/apache/airflow/pull/65906","reference_id":"65906","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T13:55:15Z/"}],"url":"https://github.com/apache/airflow/pull/65906"},{"reference_url":"https://lists.apache.org/thread/obj79bpxnl7r5olz1gsn0g94y88glnl4","reference_id":"obj79bpxnl7r5olz1gsn0g94y88glnl4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T13:55:15Z/"}],"url":"https://lists.apache.org/thread/obj79bpxnl7r5olz1gsn0g94y88glnl4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93948?format=json","purl":"pkg:pypi/apache-airflow@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2"}],"aliases":["BIT-airflow-2026-42360","CVE-2026-42360","PYSEC-2026-172"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9y7c-yxq4-f7ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203282?format=json","vulnerability_id":"VCID-ad8d-e8yv-gyen","summary":"Apache Airflow vulnerable to Stored XSS","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20244","reference_id":"","reference_type":"","scores":[{"value":"0.00847","scoring_system":"epss","scoring_elements":"0.75281","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00847","scoring_system":"epss","scoring_elements":"0.75352","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20244"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/27a4a888e946728d9bb33b78ec604e08d4a93f89","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/27a4a888e946728d9bb33b78ec604e08d4a93f89"},{"reference_url":"https://github.com/apache/airflow/commit/3ff94c7da60fbb24bf99eb6192c7386e8ab4c4c9","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/3ff94c7da60fbb24bf99eb6192c7386e8ab4c4c9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-142.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-142.yaml"},{"reference_url":"https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f656fddf9c49293b3ec450437c46709eb01a12d1645136b2f1b8573b@%3Cdev.airflow.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/10/6","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/10/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20244","reference_id":"CVE-2018-20244","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20244"},{"reference_url":"https://github.com/advisories/GHSA-99cv-8cvv-666c","reference_id":"GHSA-99cv-8cvv-666c","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99cv-8cvv-666c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/14994?format=json","purl":"pkg:pypi/apache-airflow@1.10.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-3mcw-4t4r-kfhy"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8fh5-c62g-g3ej"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qbvb-qhyc-nbdp"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-uj57-9mwj-xueb"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z7ws-c1xv-cybz"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.2"}],"aliases":["CVE-2018-20244","GHSA-99cv-8cvv-666c","PYSEC-2019-142"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ad8d-e8yv-gyen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/172143?format=json","vulnerability_id":"VCID-akt3-fjpx-zbbd","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Hive Provider, Apache Airflow allows an attacker to execute arbtrary commands in the task execution context, without write access to DAG files. This issue affects Hive Provider versions prior to 4.1.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case HIve Provider is installed (Hive Provider 4.1.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the HIve Provider version 4.1.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Hive Provider installed).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41131","reference_id":"","reference_type":"","scores":[{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70519","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00617","scoring_system":"epss","scoring_elements":"0.70428","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41131"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/27647","reference_id":"27647","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:11:00Z/"}],"url":"https://github.com/apache/airflow/pull/27647"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41131","reference_id":"CVE-2022-41131","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41131"},{"reference_url":"https://github.com/advisories/GHSA-cm43-f2pv-6v68","reference_id":"GHSA-cm43-f2pv-6v68","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cm43-f2pv-6v68"},{"reference_url":"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl","reference_id":"wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-29T15:11:00Z/"}],"url":"https://lists.apache.org/thread/wwo3qp0z8gv54yzn7hr04wy4n8gb0vhl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26994?format=json","purl":"pkg:pypi/apache-airflow@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8y5v-gc8r-mfds"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-b397-bkbt-uyat"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-q832-2q3v-dya5"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0"}],"aliases":["CVE-2022-41131","GHSA-cm43-f2pv-6v68"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akt3-fjpx-zbbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40361?format=json","vulnerability_id":"VCID-bjtj-v297-cbd7","summary":"Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables. Unauthorized users could access these logs, potentially exposing critical data that could be exploited to compromise the security of the Airflow deployment. In version 2.10.3, secrets are now masked in task logs to prevent sensitive configuration variables from being exposed in the logging output. Users should upgrade to Airflow 2.10.3 or the latest version to eliminate this vulnerability. If you suspect that DAG authors could have logged the secret values to the logs and that your logs are not additionally protected, it is also recommended that you update those secrets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45784","reference_id":"","reference_type":"","scores":[{"value":"0.01059","scoring_system":"epss","scoring_elements":"0.78047","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01059","scoring_system":"epss","scoring_elements":"0.78115","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45784"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-182.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-182.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45784","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45784"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/11/15/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/11/15/1"},{"reference_url":"https://github.com/apache/airflow/pull/43040","reference_id":"43040","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T19:41:31Z/"}],"url":"https://github.com/apache/airflow/pull/43040"},{"reference_url":"https://github.com/advisories/GHSA-46c3-5xc5-wwhv","reference_id":"GHSA-46c3-5xc5-wwhv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-46c3-5xc5-wwhv"},{"reference_url":"https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h","reference_id":"k2jm55jztlbmk4zrlh10syvq3n57hl4h","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T19:41:31Z/"}],"url":"https://lists.apache.org/thread/k2jm55jztlbmk4zrlh10syvq3n57hl4h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74370?format=json","purl":"pkg:pypi/apache-airflow@2.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.3"}],"aliases":["BIT-airflow-2024-45784","CVE-2024-45784","GHSA-46c3-5xc5-wwhv","PYSEC-2024-182"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjtj-v297-cbd7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139548?format=json","vulnerability_id":"VCID-bw9q-wjgg-vqgs","summary":"Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability.\n\nThe default SSL context with SSL library did not check a server's X.509 certificate.  Instead, the code accepted any certificate, which could result in the disclosure of mail server credentials or mail contents when the client connects to an attacker in a MITM position.\n\nUsers are strongly advised to upgrade to Apache Airflow version 2.7.0 or newer, Apache Airflow IMAP Provider version 3.3.0 or newer, and Apache Airflow SMTP Provider version 1.3.0 or newer to mitigate the risk associated with this vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39441","reference_id":"","reference_type":"","scores":[{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.49298","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00255","scoring_system":"epss","scoring_elements":"0.4916","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39441"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/38fc9cd823feafd8ec61d5d5c7eddb9e9162f755","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/38fc9cd823feafd8ec61d5d5c7eddb9e9162f755"},{"reference_url":"https://github.com/apache/airflow/commit/3bd8f020e8b7bdeb7f618bdbdfb3557f117b29d3","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/3bd8f020e8b7bdeb7f618bdbdfb3557f117b29d3"},{"reference_url":"https://github.com/apache/airflow/commit/dbacacbd4d476da757de148a4e747924c34fd7fe","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/dbacacbd4d476da757de148a4e747924c34fd7fe"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39441","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39441"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/08/23/2","reference_id":"2","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/08/23/2"},{"reference_url":"https://github.com/apache/airflow/pull/33070","reference_id":"33070","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/"}],"url":"https://github.com/apache/airflow/pull/33070"},{"reference_url":"https://github.com/apache/airflow/pull/33075","reference_id":"33075","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/"}],"url":"https://github.com/apache/airflow/pull/33075"},{"reference_url":"https://github.com/apache/airflow/pull/33108","reference_id":"33108","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/"}],"url":"https://github.com/apache/airflow/pull/33108"},{"reference_url":"https://github.com/advisories/GHSA-5f35-pq34-c87q","reference_id":"GHSA-5f35-pq34-c87q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5f35-pq34-c87q"},{"reference_url":"https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb","reference_id":"xzp4wgjg2b1o6ylk2595df8bstlbo1lb","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T20:31:29Z/"}],"url":"https://lists.apache.org/thread/xzp4wgjg2b1o6ylk2595df8bstlbo1lb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30665?format=json","purl":"pkg:pypi/apache-airflow@2.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-86v6-qrfj-9fdb"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.0"}],"aliases":["CVE-2023-39441","GHSA-5f35-pq34-c87q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bw9q-wjgg-vqgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46712?format=json","vulnerability_id":"VCID-bwh8-43re-a3b8","summary":"Apache Airflow versions before 2.9.3 have a vulnerability that allows an authenticated attacker to inject a malicious link when installing a provider. Users are recommended to upgrade to version 2.9.3, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39863","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6328","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.63178","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-39863"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f18f48492dc69f392e45567580b6ddb0c070ea58"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-189.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/07/16/6","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/07/16/6"},{"reference_url":"https://github.com/apache/airflow/pull/40475","reference_id":"40475","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/"}],"url":"https://github.com/apache/airflow/pull/40475"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39863","reference_id":"CVE-2024-39863","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-39863"},{"reference_url":"https://github.com/advisories/GHSA-j482-47xf-p25c","reference_id":"GHSA-j482-47xf-p25c","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j482-47xf-p25c"},{"reference_url":"https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3","reference_id":"gxkvs279f1mbvckv5q65worr6how20o3","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-29T19:39:48Z/"}],"url":"https://lists.apache.org/thread/gxkvs279f1mbvckv5q65worr6how20o3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/32669?format=json","purl":"pkg:pypi/apache-airflow@2.9.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.9.3"}],"aliases":["BIT-airflow-2024-39863","CVE-2024-39863","GHSA-j482-47xf-p25c","PYSEC-2024-189"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bwh8-43re-a3b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/164837?format=json","vulnerability_id":"VCID-c2d5-ha3e-hkcd","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pinot Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Apache Airflow Pinot Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Apache Airflow Pinot Provider is installed (Apache Airflow Pinot Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pinot Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38649","reference_id":"","reference_type":"","scores":[{"value":"0.06634","scoring_system":"epss","scoring_elements":"0.91434","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06634","scoring_system":"epss","scoring_elements":"0.91403","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38649"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/1d4fd5c6eacab0b88f8660f9d780174434393f1a","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/1d4fd5c6eacab0b88f8660f9d780174434393f1a"},{"reference_url":"https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz","reference_id":"033o1gbc4ly6dpd2xf1o201v56fbl4dz","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:35:31Z/"}],"url":"https://lists.apache.org/thread/033o1gbc4ly6dpd2xf1o201v56fbl4dz"},{"reference_url":"https://github.com/apache/airflow/pull/27641","reference_id":"27641","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:35:31Z/"}],"url":"https://github.com/apache/airflow/pull/27641"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38649","reference_id":"CVE-2022-38649","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38649"},{"reference_url":"https://github.com/advisories/GHSA-7wqf-h36w-47mc","reference_id":"GHSA-7wqf-h36w-47mc","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7wqf-h36w-47mc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26994?format=json","purl":"pkg:pypi/apache-airflow@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8y5v-gc8r-mfds"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-b397-bkbt-uyat"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-q832-2q3v-dya5"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0"}],"aliases":["CVE-2022-38649","GHSA-7wqf-h36w-47mc"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2d5-ha3e-hkcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139413?format=json","vulnerability_id":"VCID-c2sx-75mh-afhd","summary":"Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.\n\nApache Airflow Drill Provider is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection with DrillHook giving an opportunity to read files on the Airflow server.\nThis issue affects Apache Airflow Drill Provider: before 2.4.3.\nIt is recommended to upgrade to a version that is not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39553","reference_id":"","reference_type":"","scores":[{"value":"0.02101","scoring_system":"epss","scoring_elements":"0.8443","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02101","scoring_system":"epss","scoring_elements":"0.84485","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39553"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/394a727ac2c18d58978bf186a7a92923460ec110"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-136.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39553","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39553"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/08/11/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/08/11/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/08/11/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/08/11/1"},{"reference_url":"https://github.com/apache/airflow/pull/33074","reference_id":"33074","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/"}],"url":"https://github.com/apache/airflow/pull/33074"},{"reference_url":"https://github.com/advisories/GHSA-mq4v-6vg4-796c","reference_id":"GHSA-mq4v-6vg4-796c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mq4v-6vg4-796c"},{"reference_url":"https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf","reference_id":"ozpl0opmob49rkcz8svo8wkxyw1395sf","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-01T18:34:02Z/"}],"url":"https://lists.apache.org/thread/ozpl0opmob49rkcz8svo8wkxyw1395sf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27859?format=json","purl":"pkg:pypi/apache-airflow@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3"}],"aliases":["CVE-2023-39553","GHSA-mq4v-6vg4-796c","PYSEC-2023-136"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c2sx-75mh-afhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207574?format=json","vulnerability_id":"VCID-cjdt-c5b2-f7bb","summary":"Improper Privilege Management in apache-airflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45230","reference_id":"","reference_type":"","scores":[{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83195","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01784","scoring_system":"epss","scoring_elements":"0.83134","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45230"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-11.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-11.yaml"},{"reference_url":"https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/m778ojn0k595rwco4ht9wjql89mjoxnl"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45230","reference_id":"CVE-2021-45230","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45230"},{"reference_url":"https://github.com/advisories/GHSA-4jh2-3c85-q67h","reference_id":"GHSA-4jh2-3c85-q67h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jh2-3c85-q67h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62481?format=json","purl":"pkg:pypi/apache-airflow@2.0.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/18856?format=json","purl":"pkg:pypi/apache-airflow@2.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.0"}],"aliases":["BIT-airflow-2021-45230","CVE-2021-45230","GHSA-4jh2-3c85-q67h","PYSEC-2022-11"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjdt-c5b2-f7bb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149643?format=json","vulnerability_id":"VCID-cn8p-pg33-83aa","summary":"Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22884","reference_id":"","reference_type":"","scores":[{"value":"0.76288","scoring_system":"epss","scoring_elements":"0.98952","published_at":"2026-06-11T12:55:00Z"},{"value":"0.76288","scoring_system":"epss","scoring_elements":"0.98956","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22884"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22884","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22884"},{"reference_url":"https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h","reference_id":"0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-31T14:53:11Z/"}],"url":"https://lists.apache.org/thread/0l0j3nt0t7fzrcjl2ch0jgj6c58kxs5h"},{"reference_url":"https://github.com/apache/airflow/pull/28811","reference_id":"28811","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-03-31T14:53:11Z/"}],"url":"https://github.com/apache/airflow/pull/28811"},{"reference_url":"https://github.com/advisories/GHSA-c732-xvv8-g94c","reference_id":"GHSA-c732-xvv8-g94c","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c732-xvv8-g94c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74311?format=json","purl":"pkg:pypi/apache-airflow@2.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.1"}],"aliases":["CVE-2023-22884","GHSA-c732-xvv8-g94c"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cn8p-pg33-83aa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/171547?format=json","vulnerability_id":"VCID-cnzs-6j9b-cfd2","summary":"A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27949","reference_id":"","reference_type":"","scores":[{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.62382","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00418","scoring_system":"epss","scoring_elements":"0.6228","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-27949"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/09be0c5c7e847dda1d0be5776f8d5e327ff2281a"},{"reference_url":"https://github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/1cbb0ad26dd17f218c6ab1c2ae59b262c443a443"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42981.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42981.yaml"},{"reference_url":"https://github.com/apache/airflow/pull/22754","reference_id":"22754","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/"}],"url":"https://github.com/apache/airflow/pull/22754"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/14/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/14/3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27949","reference_id":"CVE-2022-27949","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-27949"},{"reference_url":"https://github.com/advisories/GHSA-fvw2-2pf7-77vw","reference_id":"GHSA-fvw2-2pf7-77vw","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fvw2-2pf7-77vw"},{"reference_url":"https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p","reference_id":"n38oc5obb48600fsvnbopxcs0jpbp65p","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T19:43:53Z/"}],"url":"https://lists.apache.org/thread/n38oc5obb48600fsvnbopxcs0jpbp65p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27852?format=json","purl":"pkg:pypi/apache-airflow@2.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8y5v-gc8r-mfds"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-b397-bkbt-uyat"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-q832-2q3v-dya5"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.1"}],"aliases":["BIT-airflow-2022-27949","CVE-2022-27949","GHSA-fvw2-2pf7-77vw","PYSEC-2022-42981"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnzs-6j9b-cfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135625?format=json","vulnerability_id":"VCID-d6m3-rkux-pfaw","summary":"Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write access to various DAG resources for DAGs that the user had no access to, thus, enabling the user to clear DAGs they shouldn't.\n\nUsers of Apache Airflow are strongly advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42792","reference_id":"","reference_type":"","scores":[{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69517","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00582","scoring_system":"epss","scoring_elements":"0.69426","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42792"},{"reference_url":"https://github.com/advisories/GHSA-j3w8-2p2h-mrr9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3w8-2p2h-mrr9"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-203.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42792","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42792"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/21/1","reference_id":"1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/12/21/1"},{"reference_url":"https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq","reference_id":"1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/"}],"url":"https://lists.apache.org/thread/1spbo9nkn49fc2hnxqm9tf6mgqwp9tjq"},{"reference_url":"https://github.com/apache/airflow/pull/34366","reference_id":"34366","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:25:27Z/"}],"url":"https://github.com/apache/airflow/pull/34366"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74340?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["BIT-airflow-2023-42792","CVE-2023-42792","GHSA-j3w8-2p2h-mrr9","PYSEC-2023-203"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d6m3-rkux-pfaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205059?format=json","vulnerability_id":"VCID-ehpn-d1k9-4bak","summary":"Insecure default config of Celery worker in Apache Airflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11982","reference_id":"","reference_type":"","scores":[{"value":"0.05664","scoring_system":"epss","scoring_elements":"0.90582","published_at":"2026-06-11T12:55:00Z"},{"value":"0.05664","scoring_system":"epss","scoring_elements":"0.90611","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11982"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/13612","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/13612"},{"reference_url":"https://github.com/apache/airflow/pull/7205","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/7205"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-16.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-16.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11982","reference_id":"CVE-2020-11982","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11982"},{"reference_url":"https://github.com/advisories/GHSA-9g2w-5f3v-mfmm","reference_id":"GHSA-9g2w-5f3v-mfmm","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9g2w-5f3v-mfmm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16771?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/16769?format=json","purl":"pkg:pypi/apache-airflow@1.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11"}],"aliases":["BIT-airflow-2020-11982","CVE-2020-11982","GHSA-9g2w-5f3v-mfmm","PYSEC-2020-16"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehpn-d1k9-4bak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/68064?format=json","vulnerability_id":"VCID-es5x-ee29-6ue8","summary":"The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG could retrieve HITL prompts (including their request parameters) and full TaskInstance details for DAGs outside their authorized scope. Because HITL prompts and TaskInstance fields routinely carry operator parameters and free-form context attached to a task, the leak widens visibility of DAG-run data beyond the intended per-DAG RBAC boundary for every authenticated user.\n\nUsers are recommended to upgrade to version 3.2.1 , which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-38743","reference_id":"","reference_type":"","scores":[{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20588","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00065","scoring_system":"epss","scoring_elements":"0.20412","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-38743"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/fed4921098d51fd3ec17b7f5cff80f6c36fd05e2","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/fed4921098d51fd3ec17b7f5cff80f6c36fd05e2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-38743","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-38743"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/24/3","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/24/3"},{"reference_url":"https://github.com/apache/airflow/pull/64822","reference_id":"64822","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:21:58Z/"}],"url":"https://github.com/apache/airflow/pull/64822"},{"reference_url":"https://github.com/advisories/GHSA-p3v3-229h-mc63","reference_id":"GHSA-p3v3-229h-mc63","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-p3v3-229h-mc63"},{"reference_url":"https://lists.apache.org/thread/sk2wj0x48o8qb4p7c47gvnhjbm0mg396","reference_id":"sk2wj0x48o8qb4p7c47gvnhjbm0mg396","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:21:58Z/"}],"url":"https://lists.apache.org/thread/sk2wj0x48o8qb4p7c47gvnhjbm0mg396"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93941?format=json","purl":"pkg:pypi/apache-airflow@3.2.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-7nmp-wvjt-5qcd"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-r4gm-ygr6-4ffs"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-y78u-y824-afc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.1rc1"}],"aliases":["CVE-2026-38743","GHSA-p3v3-229h-mc63"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-es5x-ee29-6ue8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40520?format=json","vulnerability_id":"VCID-etdd-wf1g-5yc6","summary":"Apache Airflow versions before 2.10.1 have a vulnerability that allows DAG authors to add local settings to the DAG folder and get it executed by the scheduler, where the scheduler is not supposed to execute code submitted by the DAG author. \nUsers are advised to upgrade to version 2.10.1 or later, which has fixed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45034","reference_id":"","reference_type":"","scores":[{"value":"0.03097","scoring_system":"epss","scoring_elements":"0.87086","published_at":"2026-06-11T12:55:00Z"},{"value":"0.03097","scoring_system":"epss","scoring_elements":"0.87132","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45034"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/03e01e76d2203d37aa645096df195b4328665f6d"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-212.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/09/06/3","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/09/06/3"},{"reference_url":"https://github.com/apache/airflow/pull/41672","reference_id":"41672","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/"}],"url":"https://github.com/apache/airflow/pull/41672"},{"reference_url":"https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx","reference_id":"b4fcw33vh60yfg9990n5vmc7sy2dcgjx","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-09T13:50:48Z/"}],"url":"https://lists.apache.org/thread/b4fcw33vh60yfg9990n5vmc7sy2dcgjx"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45034","reference_id":"CVE-2024-45034","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45034"},{"reference_url":"https://github.com/advisories/GHSA-92xg-gmrq-5c3w","reference_id":"GHSA-92xg-gmrq-5c3w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92xg-gmrq-5c3w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33279?format=json","purl":"pkg:pypi/apache-airflow@2.10.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.10.1"}],"aliases":["BIT-airflow-2024-45034","CVE-2024-45034","GHSA-92xg-gmrq-5c3w","PYSEC-2024-212"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-etdd-wf1g-5yc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173855?format=json","vulnerability_id":"VCID-ex63-gwxe-tufh","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files. This issue affects Pig Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Pig Provider is installed (Pig Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Pig Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40189","reference_id":"","reference_type":"","scores":[{"value":"0.15925","scoring_system":"epss","scoring_elements":"0.94928","published_at":"2026-06-12T12:55:00Z"},{"value":"0.15925","scoring_system":"epss","scoring_elements":"0.94911","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40189"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/27644","reference_id":"27644","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:24:47Z/"}],"url":"https://github.com/apache/airflow/pull/27644"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40189","reference_id":"CVE-2022-40189","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40189"},{"reference_url":"https://github.com/advisories/GHSA-rmf2-pwfq-h75j","reference_id":"GHSA-rmf2-pwfq-h75j","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmf2-pwfq-h75j"},{"reference_url":"https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15","reference_id":"yxnfzfw2w9pj5s785k3rlyly4y44sd15","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-29T04:24:47Z/"}],"url":"https://lists.apache.org/thread/yxnfzfw2w9pj5s785k3rlyly4y44sd15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26994?format=json","purl":"pkg:pypi/apache-airflow@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8y5v-gc8r-mfds"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-b397-bkbt-uyat"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-q832-2q3v-dya5"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0"}],"aliases":["CVE-2022-40189","GHSA-rmf2-pwfq-h75j"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ex63-gwxe-tufh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83883?format=json","vulnerability_id":"VCID-f5rh-fhtd-wyau","summary":"A Dag author could either (a) create a symlink under their task's log directory pointing to an arbitrary file readable by the API server process (read-path attack — e.g. `/etc/passwd` or `airflow.cfg`) or (b) supply a `task_id` containing `..` sequences accepted by the Task SDK's `KEY_REGEX` (write-path attack), and in both cases the FileTaskHandler resolves the log path outside the configured `base_log_folder`, leaking or overwriting arbitrary files. Only affects deployments where the worker log folder is shared with the API server. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deploy the worker and API server with separate log volumes so that worker-controlled paths cannot reach the API server's filesystem.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40861","reference_id":"","reference_type":"","scores":[{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27712","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00103","scoring_system":"epss","scoring_elements":"0.27913","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40861"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/31/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2026/05/31/1"},{"reference_url":"https://github.com/apache/airflow/pull/65325","reference_id":"65325","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:33:03Z/"}],"url":"https://github.com/apache/airflow/pull/65325"},{"reference_url":"https://lists.apache.org/thread/823334db2559xjlwt59gpzjz47thnscl","reference_id":"823334db2559xjlwt59gpzjz47thnscl","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T16:33:03Z/"}],"url":"https://lists.apache.org/thread/823334db2559xjlwt59gpzjz47thnscl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93948?format=json","purl":"pkg:pypi/apache-airflow@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2"}],"aliases":["BIT-airflow-2026-40861","CVE-2026-40861","PYSEC-2026-181"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f5rh-fhtd-wyau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218180?format=json","vulnerability_id":"VCID-fxxa-6sx4-yfhh","summary":"If remote logging is not used, the worker (in the case of CeleryExecutor) or the scheduler (in the case of LocalExecutor) runs a Flask logging server and is listening on a specific port and also binds on 0.0.0.0 by default. This logging server had no authentication and allows reading log files of DAG jobs. This issue affects Apache Airflow < 2.1.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35936","reference_id":"","reference_type":"","scores":[{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83613","published_at":"2026-06-11T12:55:00Z"},{"value":"0.01895","scoring_system":"epss","scoring_elements":"0.83672","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-35936"},{"reference_url":"https://github.com/advisories/GHSA-m6h2-jx9v-58w6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m6h2-jx9v-58w6"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/27265516d2b897585f5019ecd820cfe5471fd351"},{"reference_url":"https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/7a5bb88ad78d600fbb1676a55752597928115bd8"},{"reference_url":"https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/d772f38f843b9add5319a01cf51a844145b01f63"},{"reference_url":"https://github.com/apache/airflow/compare/2.1.1...2.1.2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/compare/2.1.1...2.1.2"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-122.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r53d6bd7b0a66f92ddaf1313282f10fec802e71246606dd30c16536df%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35936","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-35936"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65936?format=json","purl":"pkg:pypi/apache-airflow@2.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.1.2"}],"aliases":["BIT-airflow-2021-35936","CVE-2021-35936","GHSA-m6h2-jx9v-58w6","PYSEC-2021-122"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fxxa-6sx4-yfhh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/146641?format=json","vulnerability_id":"VCID-g4qz-drbp-gqdp","summary":"Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of \"enable_xcom_pickling=False\" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50943","reference_id":"","reference_type":"","scores":[{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44271","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00215","scoring_system":"epss","scoring_elements":"0.44118","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50943"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2c4c5bc604e9ab0cc1e98f7bee7d31d566579462"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-13.yaml"},{"reference_url":"https://github.com/apache/airflow/pull/36255","reference_id":"36255","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/"}],"url":"https://github.com/apache/airflow/pull/36255"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/01/24/4","reference_id":"4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/01/24/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50943","reference_id":"CVE-2023-50943","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50943"},{"reference_url":"https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn","reference_id":"fx278v0twqzxkcts70tc04cp3f8p56pn","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:45Z/"}],"url":"https://lists.apache.org/thread/fx278v0twqzxkcts70tc04cp3f8p56pn"},{"reference_url":"https://github.com/advisories/GHSA-c3c6-f2ww-xfr2","reference_id":"GHSA-c3c6-f2ww-xfr2","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c3c6-f2ww-xfr2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/28561?format=json","purl":"pkg:pypi/apache-airflow@2.8.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/29452?format=json","purl":"pkg:pypi/apache-airflow@2.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.1"}],"aliases":["BIT-airflow-2023-50943","CVE-2023-50943","GHSA-c3c6-f2ww-xfr2","PYSEC-2024-13"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4qz-drbp-gqdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/136381?format=json","vulnerability_id":"VCID-g4y4-92yj-r3ct","summary":"Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36543","reference_id":"","reference_type":"","scores":[{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.7464","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00804","scoring_system":"epss","scoring_elements":"0.74568","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36543"},{"reference_url":"https://github.com/advisories/GHSA-3h4m-m55v-gx4m","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3h4m-m55v-gx4m"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/116e607ddcb32480e57c342f48226545ac6fc315"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-106.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36543","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36543"},{"reference_url":"https://github.com/apache/airflow/pull/32060","reference_id":"32060","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/"}],"url":"https://github.com/apache/airflow/pull/32060"},{"reference_url":"https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4","reference_id":"tokfs980504ylgk3cv3hjlnrtbv4tng4","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:53Z/"}],"url":"https://lists.apache.org/thread/tokfs980504ylgk3cv3hjlnrtbv4tng4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74332?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-36543","CVE-2023-36543","GHSA-3h4m-m55v-gx4m","PYSEC-2023-106"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g4y4-92yj-r3ct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83003?format=json","vulnerability_id":"VCID-gbn8-8y8d-gkgw","summary":"Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. \n\nUsers are advised to upgrade to 3.1.7 or later, which resolves this issue","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24098","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03769","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0375","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24098"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/02/09/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/02/09/3"},{"reference_url":"https://github.com/apache/airflow/pull/60801","reference_id":"60801","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:28:52Z/"}],"url":"https://github.com/apache/airflow/pull/60801"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24098","reference_id":"CVE-2026-24098","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24098"},{"reference_url":"https://github.com/advisories/GHSA-5g2w-9f8g-g5q7","reference_id":"GHSA-5g2w-9f8g-g5q7","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5g2w-9f8g-g5q7"},{"reference_url":"https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x","reference_id":"nx96435v77xdst7ls5lk57kqvqyj095x","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:28:52Z/"}],"url":"https://lists.apache.org/thread/nx96435v77xdst7ls5lk57kqvqyj095x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/38937?format=json","purl":"pkg:pypi/apache-airflow@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5r2q-cc18-v7cx"},{"vulnerability":"VCID-7q3b-su3j-y7b4"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-ap8j-6689-kfgd"},{"vulnerability":"VCID-bkwd-x3qh-57ga"},{"vulnerability":"VCID-bva2-dpg3-m7hv"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f41w-9d6d-wbgf"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-szqt-j7av-dqde"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-typh-t13h-w3g1"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-yvkr-2un4-cyfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.7"}],"aliases":["BIT-airflow-2026-24098","CVE-2026-24098","GHSA-5g2w-9f8g-g5q7","PYSEC-2026-12"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbn8-8y8d-gkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129456?format=json","vulnerability_id":"VCID-gdht-hfnv-pqbm","summary":"Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25754","reference_id":"","reference_type":"","scores":[{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.66366","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00499","scoring_system":"epss","scoring_elements":"0.6646","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25754"},{"reference_url":"https://github.com/advisories/GHSA-jchm-fm4q-c2fp","reference_id":"","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jchm-fm4q-c2fp"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/18347d36e67894604436f3ef47d273532683b473"},{"reference_url":"https://github.com/apache/airflow/releases/tag/2.6.0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/releases/tag/2.6.0"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-59.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25754","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25754"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/05/08/2","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/05/08/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/05/08/2","reference_id":"2","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/05/08/2"},{"reference_url":"https://github.com/apache/airflow/pull/29506","reference_id":"29506","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/"}],"url":"https://github.com/apache/airflow/pull/29506"},{"reference_url":"https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v","reference_id":"3y83gr0qb8t49ppfk4fb2yk7md8ltq4v","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-10-10T19:27:15Z/"}],"url":"https://lists.apache.org/thread/3y83gr0qb8t49ppfk4fb2yk7md8ltq4v"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74318?format=json","purl":"pkg:pypi/apache-airflow@2.6.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/74324?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["BIT-airflow-2023-25754","CVE-2023-25754","GHSA-jchm-fm4q-c2fp","PYSEC-2023-59"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdht-hfnv-pqbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/134704?format=json","vulnerability_id":"VCID-gfcb-gz5n-23fs","summary":"Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28707","reference_id":"","reference_type":"","scores":[{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.77045","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00964","scoring_system":"epss","scoring_elements":"0.76974","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-28707"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/63d9b24aad0b4b9397682ddac1ea5824354789b3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-3.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28707","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28707"},{"reference_url":"https://www.openwall.com/lists/oss-security/2023/04/07/1","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.openwall.com/lists/oss-security/2023/04/07/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/04/07/1","reference_id":"1","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/04/07/1"},{"reference_url":"https://github.com/apache/airflow/pull/30215","reference_id":"30215","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/"}],"url":"https://github.com/apache/airflow/pull/30215"},{"reference_url":"https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk","reference_id":"dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-23T15:07:44Z/"}],"url":"https://lists.apache.org/thread/dfoj7q1nd0vhhsl8fjg63z4j6mfmdxtk"},{"reference_url":"https://github.com/advisories/GHSA-85pf-r4c7-3j9r","reference_id":"GHSA-85pf-r4c7-3j9r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-85pf-r4c7-3j9r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/71546?format=json","purl":"pkg:pypi/apache-airflow@2.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8y5v-gc8r-mfds"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-b397-bkbt-uyat"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-q832-2q3v-dya5"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.2"}],"aliases":["CVE-2023-28707","GHSA-85pf-r4c7-3j9r","PYSEC-2023-3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfcb-gz5n-23fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69986?format=json","vulnerability_id":"VCID-h4r7-k7z1-6kgg","summary":"Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG bundle is importable from the scheduler process — could embed a custom `DeadlineReference` whose serialized form named an attacker-controlled module path, causing the scheduler to `import_string(...)` and instantiate that class with a live SQLAlchemy session attached. Affects deployments where DAG-author code is less trusted than the scheduler process. Users are advised to upgrade to `apache-airflow` 3.2.2 or later.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45360","reference_id":"","reference_type":"","scores":[{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24797","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00086","scoring_system":"epss","scoring_elements":"0.24997","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45360"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/05/31/12","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"http://www.openwall.com/lists/oss-security/2026/05/31/12"},{"reference_url":"https://github.com/apache/airflow/pull/66737","reference_id":"66737","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-02T15:48:16Z/"}],"url":"https://github.com/apache/airflow/pull/66737"},{"reference_url":"https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83","reference_id":"q227dghjwgfz8xsxrf2pwpz4wk43zm83","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-06-02T15:48:16Z/"}],"url":"https://lists.apache.org/thread/q227dghjwgfz8xsxrf2pwpz4wk43zm83"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93948?format=json","purl":"pkg:pypi/apache-airflow@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2"}],"aliases":["BIT-airflow-2026-45360","CVE-2026-45360","PYSEC-2026-186"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h4r7-k7z1-6kgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218347?format=json","vulnerability_id":"VCID-he37-337a-r7ex","summary":"Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42663","reference_id":"","reference_type":"","scores":[{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61169","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00401","scoring_system":"epss","scoring_elements":"0.61275","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42663"},{"reference_url":"https://github.com/advisories/GHSA-32wr-qqw6-5mfp","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32wr-qqw6-5mfp"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/34315","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/34315"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml"},{"reference_url":"https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42663","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42663"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74340?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["BIT-airflow-2023-42663","CVE-2023-42663","GHSA-32wr-qqw6-5mfp","PYSEC-2023-197"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-he37-337a-r7ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153601?format=json","vulnerability_id":"VCID-hpv8-57c6-2ub6","summary":"The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default","references":[{"reference_url":"https://airflow.apache.org/docs/apache-airflow/1.10.11/security.html#api-authentication","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://airflow.apache.org/docs/apache-airflow/1.10.11/security.html#api-authentication"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13927","reference_id":"","reference_type":"","scores":[{"value":"0.94104","scoring_system":"epss","scoring_elements":"0.99913","published_at":"2026-06-12T12:55:00Z"},{"value":"0.94104","scoring_system":"epss","scoring_elements":"0.99912","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13927"},{"reference_url":"https://github.com/advisories/GHSA-hhx9-p69v-cx2j","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hhx9-p69v-cx2j"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/180bca4f993b7b778a8d2c65d3d357652218922b","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/180bca4f993b7b778a8d2c65d3d357652218922b"},{"reference_url":"https://github.com/apache/airflow/commit/9e305d6b810a2a21e2591a80a80ec41acb3afed0","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/9e305d6b810a2a21e2591a80a80ec41acb3afed0"},{"reference_url":"https://github.com/apache/airflow/pull/9611","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/9611"},{"reference_url":"https://github.com/apache/airflow/pull/9611/commits/c8053e166d45ad519c0a1cd4480e025a759c176e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/airflow/pull/9611/commits/c8053e166d45ad519c0a1cd4480e025a759c176e"},{"reference_url":"https://github.com/apache/airflow/releases/tag/1.10.11","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/releases/tag/1.10.11"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-18.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-18.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13927","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-13927"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13927","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-13927"},{"reference_url":"http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_id":"Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-24T21:03:08Z/"}],"url":"http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_id":"Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-24T21:03:08Z/"}],"url":"http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html"},{"reference_url":"https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E","reference_id":"r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"9.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Act","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2024-07-24T21:03:08Z/"}],"url":"https://lists.apache.org/thread.html/r23a81b247aa346ff193670be565b2b8ea4b17ddbc7a35fc099c1aadd%40%3Cdev.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16769?format=json","purl":"pkg:pypi/apache-airflow@1.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11"}],"aliases":["BIT-airflow-2020-13927","CVE-2020-13927","GHSA-hhx9-p69v-cx2j","PYSEC-2020-18"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hpv8-57c6-2ub6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/140907?format=json","vulnerability_id":"VCID-hwhg-hxp4-qyeb","summary":"Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29247","reference_id":"","reference_type":"","scores":[{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.67409","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00524","scoring_system":"epss","scoring_elements":"0.675","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29247"},{"reference_url":"https://github.com/advisories/GHSA-vcf6-3wv2-5vcr","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vcf6-3wv2-5vcr"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/46c85ec11d224c133da6c45c1186c9aa498a7e75"},{"reference_url":"https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f819dfcb24c597058b7b671f6317e4c84976975e"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-60.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29247","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29247"},{"reference_url":"https://github.com/apache/airflow/pull/30447","reference_id":"30447","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/"}],"url":"https://github.com/apache/airflow/pull/30447"},{"reference_url":"https://github.com/apache/airflow/pull/30779","reference_id":"30779","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/"}],"url":"https://github.com/apache/airflow/pull/30779"},{"reference_url":"https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl","reference_id":"kqf5lxmko133780clsp827xfsh4xd3fl","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:25:56Z/"}],"url":"https://lists.apache.org/thread/kqf5lxmko133780clsp827xfsh4xd3fl"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74324?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["BIT-airflow-2023-29247","CVE-2023-29247","GHSA-vcf6-3wv2-5vcr","PYSEC-2023-60"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hwhg-hxp4-qyeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205061?format=json","vulnerability_id":"VCID-jm9x-5mgd-z7ah","summary":"Stored XSS in Apache Airflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9485","reference_id":"","reference_type":"","scores":[{"value":"0.02134","scoring_system":"epss","scoring_elements":"0.84557","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02134","scoring_system":"epss","scoring_elements":"0.8461","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-9485"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-23.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-23.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9485","reference_id":"CVE-2020-9485","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-9485"},{"reference_url":"https://github.com/advisories/GHSA-j38c-25fj-mr84","reference_id":"GHSA-j38c-25fj-mr84","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j38c-25fj-mr84"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16771?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/16769?format=json","purl":"pkg:pypi/apache-airflow@1.10.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11"}],"aliases":["BIT-airflow-2020-9485","CVE-2020-9485","GHSA-j38c-25fj-mr84","PYSEC-2020-23"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jm9x-5mgd-z7ah"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77264?format=json","vulnerability_id":"VCID-jqkv-bj6f-mkh8","summary":"Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o notice.\n\nThis issue affects Apache Airflow Provider for Databricks: from 1.10.0 before 1.12.0.\n\nUsers are recommended to upgrade to version 1.12.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32794","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07613","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07578","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-32794"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32794","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32794"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/03/30/9","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/03/30/9"},{"reference_url":"https://github.com/apache/airflow/pull/63704","reference_id":"63704","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:31:16Z/"}],"url":"https://github.com/apache/airflow/pull/63704"},{"reference_url":"https://github.com/advisories/GHSA-wrpj-755p-x363","reference_id":"GHSA-wrpj-755p-x363","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wrpj-755p-x363"},{"reference_url":"https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb","reference_id":"hn17yqsgsdtl81llvhf80rkp53hnz5nb","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:31:16Z/"}],"url":"https://lists.apache.org/thread/hn17yqsgsdtl81llvhf80rkp53hnz5nb"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375223?format=json","purl":"pkg:pypi/apache-airflow@1.12.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/62481?format=json","purl":"pkg:pypi/apache-airflow@2.0.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0b1"}],"aliases":["CVE-2026-32794","GHSA-wrpj-755p-x363"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jqkv-bj6f-mkh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135341?format=json","vulnerability_id":"VCID-k32s-e7tk-gfe7","summary":"Apache Airflow, versions before 2.7.3, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs.  This is a different issue than CVE-2023-42663 but leading to similar outcome.\nUsers of Apache Airflow are advised to upgrade to version 2.7.3 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42781","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.1743","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17265","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42781"},{"reference_url":"https://github.com/advisories/GHSA-r7x6-xfcm-3mxv","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r7x6-xfcm-3mxv"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/33ec72948f74f56f2adb5e2d388e60e88e8a3fa3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-231.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42781","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42781"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/12/2","reference_id":"2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/12/2"},{"reference_url":"https://github.com/apache/airflow/pull/34939","reference_id":"34939","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/"}],"url":"https://github.com/apache/airflow/pull/34939"},{"reference_url":"https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1","reference_id":"7dnl8nszdxqyns57f3dw0sloy5dfl9o1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-03T15:20:08Z/"}],"url":"https://lists.apache.org/thread/7dnl8nszdxqyns57f3dw0sloy5dfl9o1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74342?format=json","purl":"pkg:pypi/apache-airflow@2.7.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.3"}],"aliases":["BIT-airflow-2023-42781","CVE-2023-42781","GHSA-r7x6-xfcm-3mxv","PYSEC-2023-231"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k32s-e7tk-gfe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149694?format=json","vulnerability_id":"VCID-kgwq-4rwr-dybt","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22887","reference_id":"","reference_type":"","scores":[{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.71095","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00639","scoring_system":"epss","scoring_elements":"0.71005","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22887"},{"reference_url":"https://github.com/advisories/GHSA-ggwr-4vr8-g7wv","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-ggwr-4vr8-g7wv"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02"},{"reference_url":"https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8ff7dfbd9e76aa40b04adeb231df3820606f5ba3"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-104.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22887","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22887"},{"reference_url":"https://github.com/apache/airflow/pull/32293","reference_id":"32293","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/"}],"url":"https://github.com/apache/airflow/pull/32293"},{"reference_url":"https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo","reference_id":"rxddqs76r6rkxsg1n24d029zys67qwwo","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:44:40Z/"}],"url":"https://lists.apache.org/thread/rxddqs76r6rkxsg1n24d029zys67qwwo"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74332?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-22887","CVE-2023-22887","GHSA-ggwr-4vr8-g7wv","PYSEC-2023-104"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgwq-4rwr-dybt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/116990?format=json","vulnerability_id":"VCID-kjra-gghm-sqg2","summary":"Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.11.1 or a later version, which addresses this issue. Users who previously used the CLI to set connections should manually delete entries with those connection sensitive values from the log table. This is similar but not the same issue as CVE-2024-50378","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27555","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08753","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08712","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-27555"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/pull/61882","reference_id":"61882","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:39:35Z/"}],"url":"https://github.com/apache/airflow/pull/61882"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27555","reference_id":"CVE-2025-27555","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-27555"},{"reference_url":"https://github.com/advisories/GHSA-8r55-rv5w-6pfm","reference_id":"GHSA-8r55-rv5w-6pfm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8r55-rv5w-6pfm"},{"reference_url":"https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw","reference_id":"nxovkp319jo8vg498gql1yswtb2frbkw","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T15:39:35Z/"}],"url":"https://lists.apache.org/thread/nxovkp319jo8vg498gql1yswtb2frbkw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37835?format=json","purl":"pkg:pypi/apache-airflow@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1"}],"aliases":["CVE-2025-27555","GHSA-8r55-rv5w-6pfm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjra-gghm-sqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/173735?format=json","vulnerability_id":"VCID-nnbr-jmj5-v3c9","summary":"Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40954","reference_id":"","reference_type":"","scores":[{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78807","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01131","scoring_system":"epss","scoring_elements":"0.78741","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-40954"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45","reference_id":"0tmdlnmjs5t4gsx5fy73tb6zd3jztq45","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:49:57Z/"}],"url":"https://lists.apache.org/thread/0tmdlnmjs5t4gsx5fy73tb6zd3jztq45"},{"reference_url":"https://github.com/apache/airflow/pull/27646","reference_id":"27646","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-29T13:49:57Z/"}],"url":"https://github.com/apache/airflow/pull/27646"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40954","reference_id":"CVE-2022-40954","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40954"},{"reference_url":"https://github.com/advisories/GHSA-45r6-j3cc-6mxx","reference_id":"GHSA-45r6-j3cc-6mxx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45r6-j3cc-6mxx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26994?format=json","purl":"pkg:pypi/apache-airflow@2.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8y5v-gc8r-mfds"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-b397-bkbt-uyat"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-q832-2q3v-dya5"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.0"}],"aliases":["CVE-2022-40954","GHSA-45r6-j3cc-6mxx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nnbr-jmj5-v3c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/162892?format=json","vulnerability_id":"VCID-nxm8-uma2-u3ed","summary":"In Apache Airflow versions prior to 2.4.2, the \"Trigger DAG with config\" screen was susceptible to XSS attacks via the `origin` query argument.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43982","reference_id":"","reference_type":"","scores":[{"value":"0.01135","scoring_system":"epss","scoring_elements":"0.78847","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01135","scoring_system":"epss","scoring_elements":"0.78782","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43982"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42970.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42970.yaml"},{"reference_url":"https://github.com/apache/airflow/pull/27143","reference_id":"27143","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:27:33Z/"}],"url":"https://github.com/apache/airflow/pull/27143"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43982","reference_id":"CVE-2022-43982","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43982"},{"reference_url":"https://github.com/advisories/GHSA-h63r-9xxf-f2c7","reference_id":"GHSA-h63r-9xxf-f2c7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h63r-9xxf-f2c7"},{"reference_url":"https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l","reference_id":"vqnvdrfsw9z7v7c46qh3psjgr7wy959l","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:27:33Z/"}],"url":"https://lists.apache.org/thread/vqnvdrfsw9z7v7c46qh3psjgr7wy959l"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27734?format=json","purl":"pkg:pypi/apache-airflow@2.4.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/72140?format=json","purl":"pkg:pypi/apache-airflow@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2"}],"aliases":["BIT-airflow-2022-43982","CVE-2022-43982","GHSA-h63r-9xxf-f2c7","PYSEC-2022-42970"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nxm8-uma2-u3ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65906?format=json","vulnerability_id":"VCID-nz83-fzzb-5ucs","summary":"The `access_key` and `connection_string` connection properties were not marked as sensitive names in secrets masker. This means that user with read permission could see the values in Connection UI, as well as when Connection was accidentaly logged to logs, those values could be seen in the logs. Azure Service Bus used those properties to store sensitive values. Possibly other providers could be also affected if they used the same fields to store sensitive data.\n\nIf you used Azure Service Bus connection with those values set or if you have other connections with those values storing sensitve values, you should upgrade Airflow to 3.1.8","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25219","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.0766","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07695","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25219"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25219","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25219"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/15/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/15/3"},{"reference_url":"https://github.com/apache/airflow/pull/61580","reference_id":"61580","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:53:19Z/"}],"url":"https://github.com/apache/airflow/pull/61580"},{"reference_url":"https://github.com/apache/airflow/pull/61582","reference_id":"61582","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:53:19Z/"}],"url":"https://github.com/apache/airflow/pull/61582"},{"reference_url":"https://github.com/advisories/GHSA-4g48-54q2-fg7q","reference_id":"GHSA-4g48-54q2-fg7q","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4g48-54q2-fg7q"},{"reference_url":"https://lists.apache.org/thread/t4dlmqkn0njz4chk3g7mdgzb96y4ttqh","reference_id":"t4dlmqkn0njz4chk3g7mdgzb96y4ttqh","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-15T19:53:19Z/"}],"url":"https://lists.apache.org/thread/t4dlmqkn0njz4chk3g7mdgzb96y4ttqh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/91427?format=json","purl":"pkg:pypi/apache-airflow@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5r2q-cc18-v7cx"},{"vulnerability":"VCID-6vv8-kr7f-mubf"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-ap8j-6689-kfgd"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-szqt-j7av-dqde"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-typh-t13h-w3g1"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-yvkr-2un4-cyfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.8"}],"aliases":["CVE-2026-25219","GHSA-4g48-54q2-fg7q"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nz83-fzzb-5ucs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129478?format=json","vulnerability_id":"VCID-p92v-jeew-eygn","summary":"Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25695","reference_id":"","reference_type":"","scores":[{"value":"0.01026","scoring_system":"epss","scoring_elements":"0.77777","published_at":"2026-06-12T12:55:00Z"},{"value":"0.01026","scoring_system":"epss","scoring_elements":"0.77708","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25695"},{"reference_url":"https://github.com/advisories/GHSA-h6g5-wqqr-3mw3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h6g5-wqqr-3mw3"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/965e76d9ed00ef354a834739ac46f24068630951"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-2.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25695","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25695"},{"reference_url":"https://github.com/apache/airflow/pull/29501","reference_id":"29501","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:29:36Z/"}],"url":"https://github.com/apache/airflow/pull/29501"},{"reference_url":"https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2","reference_id":"z8w6ckzs61ql365tv4d19k82o67r15p2","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-13T14:29:36Z/"}],"url":"https://lists.apache.org/thread/z8w6ckzs61ql365tv4d19k82o67r15p2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74312?format=json","purl":"pkg:pypi/apache-airflow@2.5.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/74314?format=json","purl":"pkg:pypi/apache-airflow@2.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.5.2"}],"aliases":["BIT-airflow-2023-25695","CVE-2023-25695","GHSA-h6g5-wqqr-3mw3","PYSEC-2023-2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p92v-jeew-eygn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/163163?format=json","vulnerability_id":"VCID-q4kq-54bn-2yfd","summary":"In Apache Airflow versions prior to 2.4.2, there was an open redirect in the webserver's `/confirm` endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43985","reference_id":"","reference_type":"","scores":[{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66802","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00507","scoring_system":"epss","scoring_elements":"0.66709","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-43985"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/9fb4814d29d934cef3b02fb3b2547f9fb76aaa97"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42971.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42971.yaml"},{"reference_url":"https://github.com/apache/airflow/pull/27143","reference_id":"27143","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:26:33Z/"}],"url":"https://github.com/apache/airflow/pull/27143"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43985","reference_id":"CVE-2022-43985","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-43985"},{"reference_url":"https://github.com/advisories/GHSA-f9fq-78ch-4wmj","reference_id":"GHSA-f9fq-78ch-4wmj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f9fq-78ch-4wmj"},{"reference_url":"https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq","reference_id":"m13y9s5kw92fw9l8j4qd85h0txp4kfcq","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-02T20:26:33Z/"}],"url":"https://lists.apache.org/thread/m13y9s5kw92fw9l8j4qd85h0txp4kfcq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27734?format=json","purl":"pkg:pypi/apache-airflow@2.4.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/72140?format=json","purl":"pkg:pypi/apache-airflow@2.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2"}],"aliases":["BIT-airflow-2022-43985","CVE-2022-43985","GHSA-f9fq-78ch-4wmj","PYSEC-2022-42971"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q4kq-54bn-2yfd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/204752?format=json","vulnerability_id":"VCID-qbvb-qhyc-nbdp","summary":"XSS in Apache Airflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12398","reference_id":"","reference_type":"","scores":[{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68909","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00563","scoring_system":"epss","scoring_elements":"0.68815","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12398"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/blob/1.10.5/CHANGELOG.txt","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/blob/1.10.5/CHANGELOG.txt"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-162.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-162.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/14/2","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/01/14/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12398","reference_id":"CVE-2019-12398","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12398"},{"reference_url":"https://github.com/advisories/GHSA-rjvg-q57v-mjjc","reference_id":"GHSA-rjvg-q57v-mjjc","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rjvg-q57v-mjjc"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16426?format=json","purl":"pkg:pypi/apache-airflow@1.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8fh5-c62g-g3ej"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.5"}],"aliases":["CVE-2019-12398","GHSA-rjvg-q57v-mjjc","PYSEC-2020-162"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvb-qhyc-nbdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/166046?format=json","vulnerability_id":"VCID-qg14-ym9d-wuea","summary":"In Apache Airflow versions prior to 2.4.3, there was an open redirect in the webserver's `/login` endpoint.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45402","reference_id":"","reference_type":"","scores":[{"value":"0.06361","scoring_system":"epss","scoring_elements":"0.91232","published_at":"2026-06-12T12:55:00Z"},{"value":"0.06361","scoring_system":"epss","scoring_elements":"0.91201","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-45402"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/f0f67e8bc9dcb9444cfc5b88ee075191785469b7","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f0f67e8bc9dcb9444cfc5b88ee075191785469b7"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42984.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42984.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/11/15/1","reference_id":"1","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/11/15/1"},{"reference_url":"https://github.com/apache/airflow/pull/27576","reference_id":"27576","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:53Z/"}],"url":"https://github.com/apache/airflow/pull/27576"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45402","reference_id":"CVE-2022-45402","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-45402"},{"reference_url":"https://github.com/advisories/GHSA-rg94-84xj-7gq3","reference_id":"GHSA-rg94-84xj-7gq3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rg94-84xj-7gq3"},{"reference_url":"https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh","reference_id":"nf4xrkoo6c81g6fdn4vj8k9x2686o9nh","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-30T15:54:53Z/"}],"url":"https://lists.apache.org/thread/nf4xrkoo6c81g6fdn4vj8k9x2686o9nh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27859?format=json","purl":"pkg:pypi/apache-airflow@2.4.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.3"}],"aliases":["BIT-airflow-2022-45402","CVE-2022-45402","GHSA-rg94-84xj-7gq3","PYSEC-2022-42984"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qg14-ym9d-wuea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218083?format=json","vulnerability_id":"VCID-qrdz-mth2-4kgd","summary":"In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17513","reference_id":"","reference_type":"","scores":[{"value":"0.02135","scoring_system":"epss","scoring_elements":"0.84562","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02135","scoring_system":"epss","scoring_elements":"0.84616","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17513"},{"reference_url":"https://github.com/advisories/GHSA-6r3p-fcvm-xh7c","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r3p-fcvm-xh7c"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/b606b871226d649913a37fd074eeae5d86ebc3a1","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/b606b871226d649913a37fd074eeae5d86ebc3a1"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-20.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-20.yaml"},{"reference_url":"https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb3647269f07cc2775ca6568cbfd4994d862c842a58120d2aba9c658a%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17513","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17513"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61831?format=json","purl":"pkg:pypi/apache-airflow@1.10.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.13"}],"aliases":["BIT-airflow-2020-17513","CVE-2020-17513","GHSA-6r3p-fcvm-xh7c","PYSEC-2020-20"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qrdz-mth2-4kgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93134?format=json","vulnerability_id":"VCID-r2bq-ukcr-1fa3","summary":"In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.\n\nUsers are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68675","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14239","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.14122","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68675"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-10.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-10.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/01/15/6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/01/15/6"},{"reference_url":"https://github.com/apache/airflow/pull/59688","reference_id":"59688","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T16:05:54Z/"}],"url":"https://github.com/apache/airflow/pull/59688"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68675","reference_id":"CVE-2025-68675","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68675"},{"reference_url":"https://github.com/advisories/GHSA-7c2f-r6gc-h92h","reference_id":"GHSA-7c2f-r6gc-h92h","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7c2f-r6gc-h92h"},{"reference_url":"https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5","reference_id":"x6kply4nqd4vc4wgxtm6g9r2tt63s8c5","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-16T16:05:54Z/"}],"url":"https://lists.apache.org/thread/x6kply4nqd4vc4wgxtm6g9r2tt63s8c5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/37835?format=json","purl":"pkg:pypi/apache-airflow@2.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/37837?format=json","purl":"pkg:pypi/apache-airflow@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5r2q-cc18-v7cx"},{"vulnerability":"VCID-7q3b-su3j-y7b4"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-ap8j-6689-kfgd"},{"vulnerability":"VCID-bkwd-x3qh-57ga"},{"vulnerability":"VCID-bva2-dpg3-m7hv"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f41w-9d6d-wbgf"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-srr5-3rxv-rkg8"},{"vulnerability":"VCID-szqt-j7av-dqde"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-typh-t13h-w3g1"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-yvkr-2un4-cyfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.6"}],"aliases":["BIT-airflow-2025-68675","CVE-2025-68675","GHSA-7c2f-r6gc-h92h","PYSEC-2026-10"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r2bq-ukcr-1fa3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/139382?format=json","vulnerability_id":"VCID-r91g-hqa7-zbep","summary":"Execution with Unnecessary Privileges, : Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow.The \"Run Task\" feature enables authenticated user to bypass some of the restrictions put in place. It allows to execute code in the webserver context as well as allows to bypas limitation of access the user has to certain DAGs. The \"Run Task\" feature is considered dangerous and it has been removed entirely in Airflow 2.6.0\n\nThis issue affects Apache Airflow: before 2.6.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39508","reference_id":"","reference_type":"","scores":[{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65586","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00481","scoring_system":"epss","scoring_elements":"0.65684","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-39508"},{"reference_url":"https://github.com/advisories/GHSA-269x-pg5c-5xgm","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-269x-pg5c-5xgm"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/101d59c4b88ab979d305b8d96f612c27c8a44aa8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-134.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39508","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-39508"},{"reference_url":"https://github.com/apache/airflow/pull/29706","reference_id":"29706","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/"}],"url":"https://github.com/apache/airflow/pull/29706"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Jul/43","reference_id":"43","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Jul/43"},{"reference_url":"https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15","reference_id":"j2nkjd0zqvtqk85s6ywpx3c35pvzyx15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-10-02T16:18:16Z/"}],"url":"https://lists.apache.org/thread/j2nkjd0zqvtqk85s6ywpx3c35pvzyx15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74318?format=json","purl":"pkg:pypi/apache-airflow@2.6.0b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0b1"},{"url":"http://public2.vulnerablecode.io/api/packages/74324?format=json","purl":"pkg:pypi/apache-airflow@2.6.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5jy7-w294-kuf8"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.0"}],"aliases":["BIT-airflow-2023-39508","CVE-2023-39508","GHSA-269x-pg5c-5xgm","PYSEC-2023-134"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r91g-hqa7-zbep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41396?format=json","vulnerability_id":"VCID-rnpn-qfdf-87aq","summary":"Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26280","reference_id":"","reference_type":"","scores":[{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.4571","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00226","scoring_system":"epss","scoring_elements":"0.45562","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26280"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/1a96407cd2d76616c1137de288f092d4f3b097fa"},{"reference_url":"https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/7f10998c17ab9d725bc8671deb4c12d672bfba99"},{"reference_url":"https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8324c87e05741e5a673c43b315619a3788bacc2e"},{"reference_url":"https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/8463ee4f25114a6c5fb2408d6026afe94bdf106d"},{"reference_url":"https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f2ea8a3e1753012bfe0d529c9c8be66cf55ca28f"},{"reference_url":"https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/f4b9cc74976b7df1acbc3c63471b5751b3e2c40c"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-42.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/03/01/1","reference_id":"1","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/03/01/1"},{"reference_url":"https://github.com/apache/airflow/pull/37501","reference_id":"37501","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/"}],"url":"https://github.com/apache/airflow/pull/37501"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26280","reference_id":"CVE-2024-26280","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-26280"},{"reference_url":"https://github.com/advisories/GHSA-6xwf-xvf3-v459","reference_id":"GHSA-6xwf-xvf3-v459","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xwf-xvf3-v459"},{"reference_url":"https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh","reference_id":"knskxxxml95091rsnpxkpo1jjp8rj0fh","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T15:36:34Z/"}],"url":"https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29453?format=json","purl":"pkg:pypi/apache-airflow@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-b6t6-294p-nkgx"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2"}],"aliases":["BIT-airflow-2024-26280","CVE-2024-26280","GHSA-6xwf-xvf3-v459","PYSEC-2024-42"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rnpn-qfdf-87aq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218086?format=json","vulnerability_id":"VCID-sp29-t2bx-rfcu","summary":"Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17526","reference_id":"","reference_type":"","scores":[{"value":"0.91484","scoring_system":"epss","scoring_elements":"0.99685","published_at":"2026-06-11T12:55:00Z"},{"value":"0.91484","scoring_system":"epss","scoring_elements":"0.99686","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17526"},{"reference_url":"https://github.com/advisories/GHSA-7mx5-x372-xh87","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7mx5-x372-xh87"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2f3b1c780472afd4c8a93633e6633feb7083792e","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2f3b1c780472afd4c8a93633e6633feb7083792e"},{"reference_url":"https://github.com/apache/airflow/commit/6b065840323f9a4fc8e372b458d26e419e4fa99b","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/6b065840323f9a4fc8e372b458d26e419e4fa99b"},{"reference_url":"https://github.com/apache/airflow/commit/97b2735d65e95c4633966667b6db3908540f3937","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/97b2735d65e95c4633966667b6db3908540f3937"},{"reference_url":"https://github.com/apache/airflow/commit/9e01476a50b9be27c4b1e6c6e24d36f290629195","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/9e01476a50b9be27c4b1e6c6e24d36f290629195"},{"reference_url":"https://github.com/apache/airflow/commit/a8900fa5f2b8963e9f57ba4ae5520a5d339aeaad","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/a8900fa5f2b8963e9f57ba4ae5520a5d339aeaad"},{"reference_url":"https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/dfa7b26ddaca80ee8fd9915ee9f6eac50fac77f6"},{"reference_url":"https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/fe6d00a54f83468e296777d3b83b65a2ae7169ec"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-22.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-22.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r466759f377651f0a690475d5a52564d0e786e82c08d5a5730a4f8352@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rbeeb73a6c741f2f9200d83b9c2220610da314810c4e8c9cf881d47ef%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17526","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-17526"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/12/21/1","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"8.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2020/12/21/1"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61899?format=json","purl":"pkg:pypi/apache-airflow@1.10.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.14"}],"aliases":["BIT-airflow-2020-17526","CVE-2020-17526","GHSA-7mx5-x372-xh87","PYSEC-2020-22"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sp29-t2bx-rfcu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55788?format=json","vulnerability_id":"VCID-sxa8-9f89-bfdv","summary":"Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27906","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16452","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16309","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-27906"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/08d25607abe8593ecb90a84e338896bb79692d7b"},{"reference_url":"https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/0a95299691e2d6a9b874adfae94d246a7f681ec9"},{"reference_url":"https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2adbe882e68df0e2b1084bc869616bb01e416aa7"},{"reference_url":"https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a"},{"reference_url":"https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/90255d9d44a649025f588497f6c82177dad48326"},{"reference_url":"https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/9c4defa08268322b9db80123a22d7b56b2063446"},{"reference_url":"https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/a7fa258ba1c69a18e0f620499625f6026768dc24"},{"reference_url":"https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/bc2646be043f71b4d1ab7eefd2af65a60bf919f2"},{"reference_url":"https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/d944eb0de216d9e1d125fae5ce4af7440154deb4"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2024-245.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/02/29/1","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2024/02/29/1"},{"reference_url":"https://github.com/apache/airflow/pull/37290","reference_id":"37290","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/"}],"url":"https://github.com/apache/airflow/pull/37290"},{"reference_url":"https://github.com/apache/airflow/pull/37468","reference_id":"37468","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/"}],"url":"https://github.com/apache/airflow/pull/37468"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27906","reference_id":"CVE-2024-27906","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27906"},{"reference_url":"https://github.com/advisories/GHSA-6v6w-h8m6-7mv2","reference_id":"GHSA-6v6w-h8m6-7mv2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6v6w-h8m6-7mv2"},{"reference_url":"https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5","reference_id":"on4f7t5sqr3vfgp1pvkck79wv7mq9st5","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-29T20:43:33Z/"}],"url":"https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29453?format=json","purl":"pkg:pypi/apache-airflow@2.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-b6t6-294p-nkgx"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.2"}],"aliases":["BIT-airflow-2024-27906","CVE-2024-27906","GHSA-6v6w-h8m6-7mv2","PYSEC-2024-245"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sxa8-9f89-bfdv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84240?format=json","vulnerability_id":"VCID-tbn8-rdjn-nban","summary":"The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment and learn the existence and names of DAGs and assets outside their authorized scope.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40690","reference_id":"","reference_type":"","scores":[{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.25108","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00087","scoring_system":"epss","scoring_elements":"0.24909","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-40690"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/cf3452d76e2ef5a8bae247f9fc90c759ff9df02f","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/cf3452d76e2ef5a8bae247f9fc90c759ff9df02f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40690","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40690"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/24/4","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/24/4"},{"reference_url":"https://github.com/apache/airflow/pull/65273","reference_id":"65273","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:54:08Z/"}],"url":"https://github.com/apache/airflow/pull/65273"},{"reference_url":"https://lists.apache.org/thread/bqt7y4g2cpj396b0sd20lv510ff19ndl","reference_id":"bqt7y4g2cpj396b0sd20lv510ff19ndl","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-24T14:54:08Z/"}],"url":"https://lists.apache.org/thread/bqt7y4g2cpj396b0sd20lv510ff19ndl"},{"reference_url":"https://github.com/advisories/GHSA-w7rc-q6cm-f5gm","reference_id":"GHSA-w7rc-q6cm-f5gm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7rc-q6cm-f5gm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93941?format=json","purl":"pkg:pypi/apache-airflow@3.2.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-7nmp-wvjt-5qcd"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-r4gm-ygr6-4ffs"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-y78u-y824-afc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.1rc1"}],"aliases":["CVE-2026-40690","GHSA-w7rc-q6cm-f5gm"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbn8-rdjn-nban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/150189?format=json","vulnerability_id":"VCID-tg1w-9bcx-6fg3","summary":"Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40712","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34557","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34735","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40712"},{"reference_url":"https://github.com/advisories/GHSA-mjqh-v5f2-g2mw","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mjqh-v5f2-g2mw"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/4390524a41fdfd2d57f1d2dc98ad7b4009c8399e"},{"reference_url":"https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/d9814eb3a2fc1dbbb885a0a2c1b7a23ce1cfa148"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-171.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40712","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40712"},{"reference_url":"https://github.com/apache/airflow/pull/33512","reference_id":"33512","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/"}],"url":"https://github.com/apache/airflow/pull/33512"},{"reference_url":"https://github.com/apache/airflow/pull/33516","reference_id":"33516","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/"}],"url":"https://github.com/apache/airflow/pull/33516"},{"reference_url":"https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts","reference_id":"jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-25T15:02:02Z/"}],"url":"https://lists.apache.org/thread/jw1yv4lt6hpowqbb0x4o3tdp0jhx2bts"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74338?format=json","purl":"pkg:pypi/apache-airflow@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-86v6-qrfj-9fdb"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1"}],"aliases":["BIT-airflow-2023-40712","CVE-2023-40712","GHSA-mjqh-v5f2-g2mw","PYSEC-2023-171"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg1w-9bcx-6fg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/66519?format=json","vulnerability_id":"VCID-ttb5-juj4-uugt","summary":"In case of SQL errors, exception/stack trace of errors was exposed in API even if \"api/expose_stack_traces\" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30912","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21799","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.21612","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-30912"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-18.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-18.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30912","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-30912"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/17/5","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/17/5"},{"reference_url":"https://github.com/apache/airflow/pull/63028","reference_id":"63028","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/"}],"url":"https://github.com/apache/airflow/pull/63028"},{"reference_url":"https://github.com/advisories/GHSA-w7cf-2pmc-5m4c","reference_id":"GHSA-w7cf-2pmc-5m4c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w7cf-2pmc-5m4c"},{"reference_url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9","reference_id":"tp6kz1hnfb3zsrrtg19myo8x5x80w8r9","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-20T15:56:44Z/"}],"url":"https://lists.apache.org/thread/tp6kz1hnfb3zsrrtg19myo8x5x80w8r9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92193?format=json","purl":"pkg:pypi/apache-airflow@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-7nmp-wvjt-5qcd"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-r4gm-ygr6-4ffs"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-y78u-y824-afc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0"}],"aliases":["BIT-airflow-2026-30912","CVE-2026-30912","GHSA-w7cf-2pmc-5m4c","PYSEC-2026-18"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ttb5-juj4-uugt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/165299?format=json","vulnerability_id":"VCID-u42p-urfu-83hn","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46651","reference_id":"","reference_type":"","scores":[{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37777","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00167","scoring_system":"epss","scoring_elements":"0.37599","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-46651"},{"reference_url":"https://github.com/advisories/GHSA-xvw9-3mhm-xjqq","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xvw9-3mhm-xjqq"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/d01248382fe45a5f5a7fdeed4082a80c5f814ad8"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-103.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46651","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-46651"},{"reference_url":"https://github.com/apache/airflow/pull/32309","reference_id":"32309","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/"}],"url":"https://github.com/apache/airflow/pull/32309"},{"reference_url":"https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d","reference_id":"n45h3y82og125rnlgt6rbm9szfb6q24d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:45:26Z/"}],"url":"https://lists.apache.org/thread/n45h3y82og125rnlgt6rbm9szfb6q24d"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74332?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2022-46651","CVE-2022-46651","GHSA-xvw9-3mhm-xjqq","PYSEC-2023-103"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u42p-urfu-83hn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149335?format=json","vulnerability_id":"VCID-u7j1-ha9q-xkdd","summary":"Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affected","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22888","reference_id":"","reference_type":"","scores":[{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35671","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00151","scoring_system":"epss","scoring_elements":"0.35491","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-22888"},{"reference_url":"https://github.com/advisories/GHSA-5946-8p38-vffp","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5946-8p38-vffp"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/05bd90f563649f2e9c8f0c85cf5838315a665a02"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-105.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22888","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-22888"},{"reference_url":"https://github.com/apache/airflow/pull/32293","reference_id":"32293","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/"}],"url":"https://github.com/apache/airflow/pull/32293"},{"reference_url":"https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z","reference_id":"dnlht2hvm7k81k5tgjtsfmk27c76kq7z","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-04T13:48:07Z/"}],"url":"https://lists.apache.org/thread/dnlht2hvm7k81k5tgjtsfmk27c76kq7z"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74332?format=json","purl":"pkg:pypi/apache-airflow@2.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.6.3"}],"aliases":["BIT-airflow-2023-22888","CVE-2023-22888","GHSA-5946-8p38-vffp","PYSEC-2023-105"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u7j1-ha9q-xkdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/217857?format=json","vulnerability_id":"VCID-uj57-9mwj-xueb","summary":"In Apache Airflow before 1.10.5 when running with the \"classic\" UI, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. The new \"RBAC\" UI is unaffected.","references":[{"reference_url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r72487ad6b23d18689896962782f8c93032afe5c72a6bfd23b253352b%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"http://www.openwall.com/lists/oss-security/2020/01/14/2","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2020/01/14/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16426?format=json","purl":"pkg:pypi/apache-airflow@1.10.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8fh5-c62g-g3ej"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.5"}],"aliases":["PYSEC-2020-181"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uj57-9mwj-xueb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/135539?format=json","vulnerability_id":"VCID-utkw-km71-efgd","summary":"Apache Airflow, versions prior to 2.7.2, contains a security vulnerability that allows authenticated users of Airflow to list warnings for all DAGs, even if the user had no permission to see those DAGs. It would reveal the dag_ids and the stack-traces of import errors for those DAGs with import errors.\nUsers of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42780","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32168","published_at":"2026-06-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.31983","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-42780"},{"reference_url":"https://github.com/advisories/GHSA-cgx2-rrmr-jx43","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cgx2-rrmr-jx43"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/cf4eb3fb9b5cf4a8369b890e39523d4c05eed161","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/cf4eb3fb9b5cf4a8369b890e39523d4c05eed161"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-202.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-202.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42780","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-42780"},{"reference_url":"https://github.com/apache/airflow/pull/34355","reference_id":"34355","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:30:52Z/"}],"url":"https://github.com/apache/airflow/pull/34355"},{"reference_url":"https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d","reference_id":"h5tvsvov8j55wojt5sojdprs05oby34d","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-17T15:30:52Z/"}],"url":"https://lists.apache.org/thread/h5tvsvov8j55wojt5sojdprs05oby34d"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74340?format=json","purl":"pkg:pypi/apache-airflow@2.7.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.2"}],"aliases":["BIT-airflow-2023-42780","CVE-2023-42780","GHSA-cgx2-rrmr-jx43","PYSEC-2023-202"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utkw-km71-efgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208292?format=json","vulnerability_id":"VCID-utwq-nekz-f7de","summary":"OS Command injection in Apache Airflow","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24288","reference_id":"","reference_type":"","scores":[{"value":"0.89825","scoring_system":"epss","scoring_elements":"0.99592","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-24288"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-30.yaml"},{"reference_url":"https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/dbw5ozcmr0h0lhs0yjph7xdc64oht23t"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24288","reference_id":"CVE-2022-24288","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24288"},{"reference_url":"https://github.com/advisories/GHSA-3v7g-4pg3-7r6j","reference_id":"GHSA-3v7g-4pg3-7r6j","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3v7g-4pg3-7r6j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19522?format=json","purl":"pkg:pypi/apache-airflow@2.2.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8y5v-gc8r-mfds"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4"}],"aliases":["BIT-airflow-2022-24288","CVE-2022-24288","GHSA-3v7g-4pg3-7r6j","PYSEC-2022-30"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-utwq-nekz-f7de"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/208295?format=json","vulnerability_id":"VCID-uyfw-cw7q-gubj","summary":"Apache Airflow Cross-site Scripting Vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45229","reference_id":"","reference_type":"","scores":[{"value":"0.02835","scoring_system":"epss","scoring_elements":"0.86506","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02835","scoring_system":"epss","scoring_elements":"0.86557","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-45229"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/628aa1f99c865d97d0b1c7c76e630e43a7b8d319"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-29.yaml"},{"reference_url":"https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/phx76cgtmhwwdy780rvwhobx8qoy4bnk"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45229","reference_id":"CVE-2021-45229","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-45229"},{"reference_url":"https://github.com/advisories/GHSA-65xw-pcqw-hjrh","reference_id":"GHSA-65xw-pcqw-hjrh","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-65xw-pcqw-hjrh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/19523?format=json","purl":"pkg:pypi/apache-airflow@2.2.4rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.2.4rc1"}],"aliases":["BIT-airflow-2021-45229","CVE-2021-45229","GHSA-65xw-pcqw-hjrh","PYSEC-2022-29"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uyfw-cw7q-gubj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65750?format=json","vulnerability_id":"VCID-vnaq-tba8-ykag","summary":"Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low.\n\nUsers are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25917","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16146","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1629","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-25917"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-13.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2026-13.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25917","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-25917"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/04/17/9","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2026/04/17/9"},{"reference_url":"https://github.com/apache/airflow/pull/61641","reference_id":"61641","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T03:55:40Z/"}],"url":"https://github.com/apache/airflow/pull/61641"},{"reference_url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po","reference_id":"6whgpkqbh12rvpfmvcg8b0vwlv4hq3po","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-04-22T03:55:40Z/"}],"url":"https://lists.apache.org/thread/6whgpkqbh12rvpfmvcg8b0vwlv4hq3po"},{"reference_url":"https://github.com/advisories/GHSA-6ffj-2wg2-w45j","reference_id":"GHSA-6ffj-2wg2-w45j","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6ffj-2wg2-w45j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/92193?format=json","purl":"pkg:pypi/apache-airflow@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-7nmp-wvjt-5qcd"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-r4gm-ygr6-4ffs"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-y78u-y824-afc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.0"}],"aliases":["BIT-airflow-2026-25917","CVE-2026-25917","GHSA-6ffj-2wg2-w45j","PYSEC-2026-13"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vnaq-tba8-ykag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69884?format=json","vulnerability_id":"VCID-vxqr-wyq5-6yge","summary":"A bug in the GET `/api/v2/connections/{connection_id}` REST API endpoint in Apache Airflow allowed an authenticated UI/API user with Connection-read permission to retrieve secrets stored in a Connection's `extra` JSON blob under field names not present in the redaction allowlist (`DEFAULT_SENSITIVE_FIELDS`) — for example, official Slack-provider credential field names were returned in plaintext. Affects deployments that store credentials in Connection `extra` blobs and grant Connection-read access to multiple users. Users are advised to upgrade to `apache-airflow` 3.2.2 or later. As a defense-in-depth mitigation, deployment operators can store sensitive credential values in a secret-backend rather than inlined into the Connection's `extra` field.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45192","reference_id":"","reference_type":"","scores":[{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.1204","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00039","scoring_system":"epss","scoring_elements":"0.12133","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-45192"},{"reference_url":"http://www.openwall.com/lists/oss-security/2026/06/01/3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"http://www.openwall.com/lists/oss-security/2026/06/01/3"},{"reference_url":"https://github.com/apache/airflow/pull/66673","reference_id":"66673","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:52:50Z/"}],"url":"https://github.com/apache/airflow/pull/66673"},{"reference_url":"https://lists.apache.org/thread/r2q93dg2wp5h9sd9vh6y4y5ljqd9crdd","reference_id":"r2q93dg2wp5h9sd9vh6y4y5ljqd9crdd","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-01T12:52:50Z/"}],"url":"https://lists.apache.org/thread/r2q93dg2wp5h9sd9vh6y4y5ljqd9crdd"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/93948?format=json","purl":"pkg:pypi/apache-airflow@3.2.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.2.2"}],"aliases":["BIT-airflow-2026-45192","CVE-2026-45192","PYSEC-2026-173"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vxqr-wyq5-6yge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/149953?format=json","vulnerability_id":"VCID-vymx-nqhb-pfht","summary":"Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40611","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32183","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32365","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-40611"},{"reference_url":"https://github.com/advisories/GHSA-wpg8-mf6h-gm92","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wpg8-mf6h-gm92"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2a0106e4edf67c5905ebfcb82a6008662ae0f7ad"},{"reference_url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/b7a46c970d638028a4a7643ad000dcee951fb9ef"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-170.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40611","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-40611"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/11/12/1","reference_id":"1","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/"}],"url":"http://www.openwall.com/lists/oss-security/2023/11/12/1"},{"reference_url":"https://github.com/apache/airflow/pull/33413","reference_id":"33413","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/"}],"url":"https://github.com/apache/airflow/pull/33413"},{"reference_url":"https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0","reference_id":"8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-25T13:36:48Z/"}],"url":"https://lists.apache.org/thread/8y9xk1s3j4qr36yzqn8ogbn9fl7pxrn0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/74338?format=json","purl":"pkg:pypi/apache-airflow@2.7.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-86v6-qrfj-9fdb"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-ahbc-71um-h3g2"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cevw-hkjm-mkc2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.7.1"}],"aliases":["BIT-airflow-2023-40611","CVE-2023-40611","GHSA-wpg8-mf6h-gm92","PYSEC-2023-170"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vymx-nqhb-pfht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211446?format=json","vulnerability_id":"VCID-wpnx-wvj6-2khc","summary":"Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41672","reference_id":"","reference_type":"","scores":[{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.57176","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00339","scoring_system":"epss","scoring_elements":"0.57056","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41672"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/12bfb571a895a28a58d3189b0fc10cfc1b89e24c","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/12bfb571a895a28a58d3189b0fc10cfc1b89e24c"},{"reference_url":"https://github.com/apache/airflow/pull/26635","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/26635"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42983.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-42983.yaml"},{"reference_url":"https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/ohf3pvd3dftb8zb01yngbn1jtkq5m08y"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41672","reference_id":"CVE-2022-41672","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41672"},{"reference_url":"https://github.com/advisories/GHSA-3q8r-f3pj-3gc4","reference_id":"GHSA-3q8r-f3pj-3gc4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3q8r-f3pj-3gc4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/27284?format=json","purl":"pkg:pypi/apache-airflow@2.4.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/27734?format=json","purl":"pkg:pypi/apache-airflow@2.4.2rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8htr-n7ys-1bbw"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.4.2rc1"}],"aliases":["BIT-airflow-2022-41672","CVE-2022-41672","GHSA-3q8r-f3pj-3gc4","PYSEC-2022-42983"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpnx-wvj6-2khc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/211287?format=json","vulnerability_id":"VCID-xcmz-3we1-gucg","summary":"Apache Airflow exposes arbitrary file content","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38170","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51165","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51296","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38170"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/b6a2cd1aa34f69a36ea127e4f7f5ba87f4aca420","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/b6a2cd1aa34f69a36ea127e4f7f5ba87f4aca420"},{"reference_url":"https://github.com/apache/airflow/commit/bf01d10cd348e679916034de1befb79ec6e46ff8","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/bf01d10cd348e679916034de1befb79ec6e46ff8"},{"reference_url":"https://github.com/apache/airflow/commit/c14ea8f0f34944d2ecfa9021d167602e8b2b8b90","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/c14ea8f0f34944d2ecfa9021d167602e8b2b8b90"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-261.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2022-261.yaml"},{"reference_url":"https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/zn8mbbb1j2od5nc9zhrvb7rpsrg1vvzv"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/02/12","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/09/02/12"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/02/3","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/09/02/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/21/2","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2022/09/21/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38170","reference_id":"CVE-2022-38170","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-38170"},{"reference_url":"https://github.com/advisories/GHSA-q8h9-pqcx-59hw","reference_id":"GHSA-q8h9-pqcx-59hw","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8h9-pqcx-59hw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/26111?format=json","purl":"pkg:pypi/apache-airflow@2.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-b397-bkbt-uyat"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jq9s-gczd-yue3"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-q832-2q3v-dya5"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.3.4"}],"aliases":["BIT-airflow-2022-38170","CVE-2022-38170","GHSA-q8h9-pqcx-59hw","PYSEC-2022-261"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xcmz-3we1-gucg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218104?format=json","vulnerability_id":"VCID-xkmg-g2wz-hfd2","summary":"The lineage endpoint of the deprecated Experimental API was not protected by authentication in Airflow 2.0.0. This allowed unauthenticated users to hit that endpoint. This is low-severity issue as the attacker needs to be aware of certain parameters to pass to that endpoint and even after can just get some metadata about a DAG and a Task. This issue affects Apache Airflow 2.0.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26697","reference_id":"","reference_type":"","scores":[{"value":"0.02459","scoring_system":"epss","scoring_elements":"0.85564","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02459","scoring_system":"epss","scoring_elements":"0.85615","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-26697"},{"reference_url":"https://github.com/advisories/GHSA-fh37-cx83-q542","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fh37-cx83-q542"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/21cedff205e7d62675949fda2aa4616d77232b76","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/21cedff205e7d62675949fda2aa4616d77232b76"},{"reference_url":"https://github.com/apache/airflow/commit/24a54242d56058846c7978130b3f37ca045d5142","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/24a54242d56058846c7978130b3f37ca045d5142"},{"reference_url":"https://github.com/apache/airflow/commit/93957e917ff4cfb0be11aef088bd9527cf728a04","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/93957e917ff4cfb0be11aef088bd9527cf728a04"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-3.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36111262a59219a3e2704c71e97cf84937dae5ba7a1da99499e5d8f9@%3Cannounce.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519@%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re21fec81baea7a6d73b0b5d31efd07cc02c61f832e297f65bb19b519%40%3Cusers.airflow.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26697","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-26697"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/02/17/2","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2021/02/17/2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62487?format=json","purl":"pkg:pypi/apache-airflow@2.0.1rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1rc1"},{"url":"http://public2.vulnerablecode.io/api/packages/62489?format=json","purl":"pkg:pypi/apache-airflow@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.1"}],"aliases":["BIT-airflow-2021-26697","CVE-2021-26697","GHSA-fh37-cx83-q542","PYSEC-2021-3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xkmg-g2wz-hfd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/153584?format=json","vulnerability_id":"VCID-ywze-nppd-ryg4","summary":"An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11978","reference_id":"","reference_type":"","scores":[{"value":"0.94272","scoring_system":"epss","scoring_elements":"0.9994","published_at":"2026-06-11T12:55:00Z"},{"value":"0.94272","scoring_system":"epss","scoring_elements":"0.99941","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11978"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/2fa51576e1283f5732e38fada686fd248d9c3a1e","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/2fa51576e1283f5732e38fada686fd248d9c3a1e"},{"reference_url":"https://github.com/apache/airflow/commit/4d8599e8b0520ff4226fbad72f724afae50fdd08","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/4d8599e8b0520ff4226fbad72f724afae50fdd08"},{"reference_url":"https://github.com/apache/airflow/pull/9143","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/9143"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-14.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2020-14.yaml"},{"reference_url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11978","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-11978"},{"reference_url":"http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_id":"Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:53:53Z/"}],"url":"http://packetstormsecurity.com/files/162908/Apache-Airflow-1.10.10-Remote-Code-Execution.html"},{"reference_url":"http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_id":"Apache-Airflow-1.10.10-Remote-Code-Execution.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:53:53Z/"}],"url":"http://packetstormsecurity.com/files/174764/Apache-Airflow-1.10.10-Remote-Code-Execution.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11978","reference_id":"CVE-2020-11978","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11978"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49927.py","reference_id":"CVE-2020-13927;CVE-2020-11978","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/49927.py"},{"reference_url":"https://github.com/advisories/GHSA-rvmq-4x66-q7j3","reference_id":"GHSA-rvmq-4x66-q7j3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rvmq-4x66-q7j3"},{"reference_url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","reference_id":"r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Attend","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T20:53:53Z/"}],"url":"https://lists.apache.org/thread.html/r7255cf0be3566f23a768e2a04b40fb09e52fcd1872695428ba9afe91%40%3Cusers.airflow.apache.org%3E"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/16771?format=json","purl":"pkg:pypi/apache-airflow@1.10.11rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.11rc1"}],"aliases":["BIT-airflow-2020-11978","CVE-2020-11978","GHSA-rvmq-4x66-q7j3","PYSEC-2020-14"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ywze-nppd-ryg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/129148?format=json","vulnerability_id":"VCID-z7rt-fxe3-3udw","summary":"Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.\n\nThis issue affects Apache Airflow Sqoop Provider versions before 3.1.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25693","reference_id":"","reference_type":"","scores":[{"value":"0.03621","scoring_system":"epss","scoring_elements":"0.88109","published_at":"2026-06-12T12:55:00Z"},{"value":"0.03621","scoring_system":"epss","scoring_elements":"0.88069","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-25693"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-314.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-314.yaml"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25693","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-25693"},{"reference_url":"https://github.com/apache/airflow/pull/29500","reference_id":"29500","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:26:37Z/"}],"url":"https://github.com/apache/airflow/pull/29500"},{"reference_url":"https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4","reference_id":"79qn8g5xbq036f8crb115obvr22l52q4","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-02-13T14:26:37Z/"}],"url":"https://lists.apache.org/thread/79qn8g5xbq036f8crb115obvr22l52q4"},{"reference_url":"https://github.com/advisories/GHSA-j69x-v4wc-3fpf","reference_id":"GHSA-j69x-v4wc-3fpf","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j69x-v4wc-3fpf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/34926?format=json","purl":"pkg:pypi/apache-airflow@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2j7p-89b9-t7e8"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-5r2q-cc18-v7cx"},{"vulnerability":"VCID-7q3b-su3j-y7b4"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-ap8j-6689-kfgd"},{"vulnerability":"VCID-bftx-1hw8-z7f1"},{"vulnerability":"VCID-bkwd-x3qh-57ga"},{"vulnerability":"VCID-bva2-dpg3-m7hv"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-f41w-9d6d-wbgf"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-srr5-3rxv-rkg8"},{"vulnerability":"VCID-szqt-j7av-dqde"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-tx59-fvt4-mbfj"},{"vulnerability":"VCID-typh-t13h-w3g1"},{"vulnerability":"VCID-u2bm-499h-2qfh"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-xga6-ksvc-9yhf"},{"vulnerability":"VCID-yvkr-2un4-cyfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@3.1.1"}],"aliases":["CVE-2023-25693","GHSA-j69x-v4wc-3fpf","PYSEC-2023-314"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7rt-fxe3-3udw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203468?format=json","vulnerability_id":"VCID-z7ws-c1xv-cybz","summary":"Apache Airflow vulnerable to Stored XSS","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0216","reference_id":"","reference_type":"","scores":[{"value":"0.00664","scoring_system":"epss","scoring_elements":"0.71679","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00664","scoring_system":"epss","scoring_elements":"0.71764","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-0216"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/73280e489c8a766264f2dd9225c3c899f31be758","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/73280e489c8a766264f2dd9225c3c899f31be758"},{"reference_url":"https://github.com/apache/airflow/commit/a7d8fe64a15b9c228654441166a5ba85d0a5f8ef","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/a7d8fe64a15b9c228654441166a5ba85d0a5f8ef"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-214.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2019-214.yaml"},{"reference_url":"https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/2de387213d45bc626d27554a1bde7b8c67d08720901f82a50b6f4231@%3Cdev.airflow.apache.org%3E"},{"reference_url":"https://web.archive.org/web/20200227081055/http://www.securityfocus.com/bid/107869","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227081055/http://www.securityfocus.com/bid/107869"},{"reference_url":"http://www.openwall.com/lists/oss-security/2019/04/10/6","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2019/04/10/6"},{"reference_url":"http://www.securityfocus.com/bid/107869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107869"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0216","reference_id":"CVE-2019-0216","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0216"},{"reference_url":"https://github.com/advisories/GHSA-8p7v-2jvj-v54r","reference_id":"GHSA-8p7v-2jvj-v54r","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8p7v-2jvj-v54r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53962?format=json","purl":"pkg:pypi/apache-airflow@1.10.3b1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-3mcw-4t4r-kfhy"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8fh5-c62g-g3ej"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qbvb-qhyc-nbdp"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-uj57-9mwj-xueb"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z7ws-c1xv-cybz"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3b1"},{"url":"http://public2.vulnerablecode.io/api/packages/15147?format=json","purl":"pkg:pypi/apache-airflow@1.10.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3dmy-j4pr-3kb6"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6a87-cq75-3ubt"},{"vulnerability":"VCID-6jcy-9yty-w3gv"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8fh5-c62g-g3ej"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9fm3-h4pj-6kac"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-ehpn-d1k9-4bak"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hpv8-57c6-2ub6"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-jm9x-5mgd-z7ah"},{"vulnerability":"VCID-jqkv-bj6f-mkh8"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qbvb-qhyc-nbdp"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-qrdz-mth2-4kgd"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sp29-t2bx-rfcu"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-uj57-9mwj-xueb"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-ywze-nppd-ryg4"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"},{"vulnerability":"VCID-za5e-2ed7-zbeb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.3"}],"aliases":["CVE-2019-0216","GHSA-8p7v-2jvj-v54r","PYSEC-2019-214"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7ws-c1xv-cybz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218377?format=json","vulnerability_id":"VCID-z9pc-46h3-pff1","summary":"Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable.\nThis flaw compromises the integrity of variable management, potentially leading to unauthorized data modification.\nUsers are recommended to upgrade to 2.8.0, which fixes this issue","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50783","reference_id":"","reference_type":"","scores":[{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.13067","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00041","scoring_system":"epss","scoring_elements":"0.12971","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-50783"},{"reference_url":"https://github.com/advisories/GHSA-5938-79hg-xh3q","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5938-79hg-xh3q"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/commit/0e1c106d7cd0703125528a691088e42e17c99929"},{"reference_url":"https://github.com/apache/airflow/pull/33932","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow/pull/33932"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-267.yaml"},{"reference_url":"https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread/rs7cr3yp726mb89s1m844hy9pq7frgcn"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50783","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-50783"},{"reference_url":"http://www.openwall.com/lists/oss-security/2023/12/21/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2023/12/21/4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/29828?format=json","purl":"pkg:pypi/apache-airflow@2.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-619t-7b16-vbax"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-aau9-yvuf-qbcc"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-cjun-ju6c-1fes"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-z7rt-fxe3-3udw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.8.0"}],"aliases":["BIT-airflow-2023-50783","CVE-2023-50783","GHSA-5938-79hg-xh3q","PYSEC-2023-267"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z9pc-46h3-pff1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/108931?format=json","vulnerability_id":"VCID-za5e-2ed7-zbeb","summary":"Edge3 Worker RPC RCE on Airflow 2.\n\nThis issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2.\n\n\n\nThe Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and configured Edge3 provider in Airflow 2, it implicitly enabled non-public (normally) API which was used to test Edge Provider in Airflow 2 during the development. This API allowed Dag author to perform Remote Code Execution in the webserver context, which Dag Author was not supposed to be able to do.\n\nIf you installed and configured Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) has minimum version of Airflow set to 3 and the RCE-prone Airflow 2 code is removed, so it should no longer be possible to use the Edge3 provider 2.0.0+ on Airflow 2.\n\nIf you used Edge Provider in Airflow 3, you are not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67895","reference_id":"","reference_type":"","scores":[{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.5756","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57675","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-67895"},{"reference_url":"https://github.com/apache/airflow","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/airflow"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2025-87.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2025-87.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2025/12/16/3","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2025/12/16/3"},{"reference_url":"https://github.com/apache/airflow/pull/59143","reference_id":"59143","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-17T19:55:27Z/"}],"url":"https://github.com/apache/airflow/pull/59143"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67895","reference_id":"CVE-2025-67895","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-67895"},{"reference_url":"https://github.com/advisories/GHSA-66h8-3g48-6hx8","reference_id":"GHSA-66h8-3g48-6hx8","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66h8-3g48-6hx8"},{"reference_url":"https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs","reference_id":"hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-17T19:55:27Z/"}],"url":"https://lists.apache.org/thread/hhnmmzkj5qx5gbk6pdkh8tcsx5oj1nqs"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23685?format=json","purl":"pkg:pypi/apache-airflow@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-168u-zs7t-pqdf"},{"vulnerability":"VCID-1fke-agqs-bkd1"},{"vulnerability":"VCID-2r7f-dzef-dfcs"},{"vulnerability":"VCID-2urm-nyak-63ew"},{"vulnerability":"VCID-2w8y-kxer-s7e2"},{"vulnerability":"VCID-3ep8-xwyq-q7d9"},{"vulnerability":"VCID-4e1s-kjwm-4ffg"},{"vulnerability":"VCID-4n4v-jv1f-1bgk"},{"vulnerability":"VCID-4q46-3648-ckaq"},{"vulnerability":"VCID-668v-1v1b-9bf2"},{"vulnerability":"VCID-6smg-qne8-hfgj"},{"vulnerability":"VCID-6vhk-pt43-nqbd"},{"vulnerability":"VCID-6ywu-aujt-dfbz"},{"vulnerability":"VCID-7ujj-9jbc-jfes"},{"vulnerability":"VCID-881f-vbac-rucw"},{"vulnerability":"VCID-8aa5-hyy9-e3f1"},{"vulnerability":"VCID-8gmn-hbp1-4kbt"},{"vulnerability":"VCID-8ze1-k1e3-huhc"},{"vulnerability":"VCID-9y7c-yxq4-f7ha"},{"vulnerability":"VCID-akt3-fjpx-zbbd"},{"vulnerability":"VCID-bjtj-v297-cbd7"},{"vulnerability":"VCID-bw9q-wjgg-vqgs"},{"vulnerability":"VCID-bwh8-43re-a3b8"},{"vulnerability":"VCID-c2d5-ha3e-hkcd"},{"vulnerability":"VCID-c2sx-75mh-afhd"},{"vulnerability":"VCID-cjdt-c5b2-f7bb"},{"vulnerability":"VCID-cn8p-pg33-83aa"},{"vulnerability":"VCID-cnzs-6j9b-cfd2"},{"vulnerability":"VCID-d6m3-rkux-pfaw"},{"vulnerability":"VCID-es5x-ee29-6ue8"},{"vulnerability":"VCID-etdd-wf1g-5yc6"},{"vulnerability":"VCID-ex63-gwxe-tufh"},{"vulnerability":"VCID-f5rh-fhtd-wyau"},{"vulnerability":"VCID-fxxa-6sx4-yfhh"},{"vulnerability":"VCID-g4qz-drbp-gqdp"},{"vulnerability":"VCID-g4y4-92yj-r3ct"},{"vulnerability":"VCID-gbn8-8y8d-gkgw"},{"vulnerability":"VCID-gdht-hfnv-pqbm"},{"vulnerability":"VCID-gfcb-gz5n-23fs"},{"vulnerability":"VCID-h4r7-k7z1-6kgg"},{"vulnerability":"VCID-he37-337a-r7ex"},{"vulnerability":"VCID-hwhg-hxp4-qyeb"},{"vulnerability":"VCID-k32s-e7tk-gfe7"},{"vulnerability":"VCID-kgwq-4rwr-dybt"},{"vulnerability":"VCID-kjra-gghm-sqg2"},{"vulnerability":"VCID-nnbr-jmj5-v3c9"},{"vulnerability":"VCID-nxm8-uma2-u3ed"},{"vulnerability":"VCID-nz83-fzzb-5ucs"},{"vulnerability":"VCID-p92v-jeew-eygn"},{"vulnerability":"VCID-q4kq-54bn-2yfd"},{"vulnerability":"VCID-qcqk-eyx2-6bcg"},{"vulnerability":"VCID-qg14-ym9d-wuea"},{"vulnerability":"VCID-r2bq-ukcr-1fa3"},{"vulnerability":"VCID-r91g-hqa7-zbep"},{"vulnerability":"VCID-rnpn-qfdf-87aq"},{"vulnerability":"VCID-sxa8-9f89-bfdv"},{"vulnerability":"VCID-tbn8-rdjn-nban"},{"vulnerability":"VCID-tg1w-9bcx-6fg3"},{"vulnerability":"VCID-ttb5-juj4-uugt"},{"vulnerability":"VCID-u42p-urfu-83hn"},{"vulnerability":"VCID-u7j1-ha9q-xkdd"},{"vulnerability":"VCID-utkw-km71-efgd"},{"vulnerability":"VCID-utwq-nekz-f7de"},{"vulnerability":"VCID-uyfw-cw7q-gubj"},{"vulnerability":"VCID-vnaq-tba8-ykag"},{"vulnerability":"VCID-vxqr-wyq5-6yge"},{"vulnerability":"VCID-vymx-nqhb-pfht"},{"vulnerability":"VCID-wpnx-wvj6-2khc"},{"vulnerability":"VCID-xcmz-3we1-gucg"},{"vulnerability":"VCID-xkmg-g2wz-hfd2"},{"vulnerability":"VCID-z7rt-fxe3-3udw"},{"vulnerability":"VCID-z9pc-46h3-pff1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0"}],"aliases":["CVE-2025-67895","GHSA-66h8-3g48-6hx8","PYSEC-2025-87"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-za5e-2ed7-zbeb"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@1.10.2rc1"}