Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/apache-airflow@2.0.0a1
Typepypi
Namespace
Nameapache-airflow
Version2.0.0a1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.2.2
Latest_non_vulnerable_version3.2.2
Affected_by_vulnerabilities
0
url VCID-ks8d-9vr8-4feh
vulnerability_id VCID-ks8d-9vr8-4feh
summary The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-28359
reference_id
reference_type
scores
0
value 0.02558
scoring_system epss
scoring_elements 0.85811
published_at 2026-06-06T12:55:00Z
1
value 0.02558
scoring_system epss
scoring_elements 0.85808
published_at 2026-06-07T12:55:00Z
2
value 0.02558
scoring_system epss
scoring_elements 0.85786
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-28359
1
reference_url https://github.com/advisories/GHSA-3xxv-p78r-4fc6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-3xxv-p78r-4fc6
2
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
3
reference_url https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow/commit/2fef2ab1bf0f8c727a503940c9c65fd5be208386
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2021-4.yaml
5
reference_url https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra8ce70088ba291f358e077cafdb14d174b7a1ce9a9d86d1b332d6367%40%3Cusers.airflow.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc005f4de9d9b0ba943ceb8ff5a21a5c6ff8a9df52632476698d99432@%3Cannounce.apache.org%3E
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-28359
reference_id CVE-2021-28359
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-28359
fixed_packages
0
url pkg:pypi/apache-airflow@2.0.2
purl pkg:pypi/apache-airflow@2.0.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1fj3-3bdw-nbch
1
vulnerability VCID-1w96-f72k-ryap
2
vulnerability VCID-29g4-vwe3-2kh2
3
vulnerability VCID-2ajq-ewgt-b7c5
4
vulnerability VCID-2fnz-jqpe-nuau
5
vulnerability VCID-2xr2-w3hk-auck
6
vulnerability VCID-2ysx-9hz5-fyfm
7
vulnerability VCID-3h3z-bfsc-jqax
8
vulnerability VCID-4dm5-fm66-xyea
9
vulnerability VCID-4ga6-4111-dyc9
10
vulnerability VCID-4jpp-1y1j-pub1
11
vulnerability VCID-4xax-xw67-2qfv
12
vulnerability VCID-56eq-awhd-d3fr
13
vulnerability VCID-5cpd-kjpb-ekhv
14
vulnerability VCID-5jyk-dgtu-zfhd
15
vulnerability VCID-5yxa-ubfq-fqdx
16
vulnerability VCID-5zmy-2ape-7qfa
17
vulnerability VCID-6d41-f8bx-xkh1
18
vulnerability VCID-6gjt-zsju-47a3
19
vulnerability VCID-6vg9-hu9u-q7c3
20
vulnerability VCID-71hr-1ews-9qa6
21
vulnerability VCID-7a12-nqbv-7fe1
22
vulnerability VCID-835a-arqz-g7h7
23
vulnerability VCID-91n6-evww-zybp
24
vulnerability VCID-98yf-mvnw-d3b4
25
vulnerability VCID-amac-hqnj-xfgz
26
vulnerability VCID-b3w3-h9cm-ufgm
27
vulnerability VCID-cahz-4dy7-bbe9
28
vulnerability VCID-dh4r-77xc-cbas
29
vulnerability VCID-djdy-z9r3-s3a2
30
vulnerability VCID-due7-n14c-akfx
31
vulnerability VCID-ej1r-mp6n-gudd
32
vulnerability VCID-ez45-qkb4-xkba
33
vulnerability VCID-fbjk-2uvy-mqfc
34
vulnerability VCID-gn6e-a1yp-g7dw
35
vulnerability VCID-gxvn-spkx-9qea
36
vulnerability VCID-gz6e-b7dz-5qdf
37
vulnerability VCID-h6sp-398p-pbeg
38
vulnerability VCID-hah6-e5fc-juc5
39
vulnerability VCID-hy75-nfg7-zfae
40
vulnerability VCID-j86y-n37n-n7ft
41
vulnerability VCID-kh46-xrgm-9udx
42
vulnerability VCID-mcbu-b45m-k3ck
43
vulnerability VCID-me8m-415b-g3fx
44
vulnerability VCID-njyy-ywer-x7bf
45
vulnerability VCID-pu6f-xhvm-q3du
46
vulnerability VCID-pybp-gfy8-2qcr
47
vulnerability VCID-pypb-cezm-rkb2
48
vulnerability VCID-q84t-8dac-93dm
49
vulnerability VCID-qehu-58hj-67gn
50
vulnerability VCID-qfsu-w1gc-6fcj
51
vulnerability VCID-qg28-p7e1-g3bj
52
vulnerability VCID-qmpd-946c-gqbc
53
vulnerability VCID-qr9h-6dg8-gkh3
54
vulnerability VCID-rkeh-vuxg-ubgn
55
vulnerability VCID-ryct-uaw3-fyfc
56
vulnerability VCID-suwt-h1ze-mydu
57
vulnerability VCID-t3ap-dzfp-1bd6
58
vulnerability VCID-t476-g5u5-1yeh
59
vulnerability VCID-tbb9-myv7-a7h4
60
vulnerability VCID-tcvd-eys5-1qhf
61
vulnerability VCID-u5wv-47m4-8yd6
62
vulnerability VCID-v7y9-5tsg-wyhe
63
vulnerability VCID-w56f-fmkf-dkfv
64
vulnerability VCID-w5aw-fb9r-uydg
65
vulnerability VCID-x9ns-34nt-gfer
66
vulnerability VCID-xh7u-8ze6-cqhk
67
vulnerability VCID-ydhm-m8vh-mber
68
vulnerability VCID-z4aj-mkes-tube
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.2
aliases BIT-airflow-2021-28359, CVE-2021-28359, GHSA-3xxv-p78r-4fc6, PYSEC-2021-4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ks8d-9vr8-4feh
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow@2.0.0a1