Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/apache-airflow-providers-http@2.1.2
Type pypi
Namespace
Name apache-airflow-providers-http
Version 2.1.2
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.0.0
Latest_non_vulnerable_version 6.0.0
Affected_by_vulnerabilities
0
url VCID-esct-8mg3-gke8
vulnerability_id VCID-esct-8mg3-gke8
summary
Apache Airflow Providers Http has Unsafe Pickle Deserialization leading to RCE via HttpOperator
A user with access to the DB could craft a database entry that would result in executing code on the Triggerer, which gives anyone who has access to the DB the same permissions as a Dag Author. Since direct DB access is neither usual nor recommended for Airflow, the likelihood of it causing any damage is low.

Users should upgrade to version 6.0.0 of the provider to avoid even that risk.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-69219
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04405
published_at 2026-06-09T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04385
published_at 2026-06-08T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04418
published_at 2026-06-07T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04432
published_at 2026-06-06T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04443
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-69219
1
reference_url https://github.com/apache/airflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow
2
reference_url https://github.com/apache/airflow/commit/97839f7b0a8ae66d6079bb7fad5a363068f61617
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/apache/airflow/commit/97839f7b0a8ae66d6079bb7fad5a363068f61617
3
reference_url https://github.com/apache/airflow/pull/61662
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:45:11Z/
url https://github.com/apache/airflow/pull/61662
4
reference_url https://lists.apache.org/thread/zjkfb2njklro68tqzym092r4w65m5dq0
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-09T15:45:11Z/
url https://lists.apache.org/thread/zjkfb2njklro68tqzym092r4w65m5dq0
5
reference_url http://www.openwall.com/lists/oss-security/2026/03/09/1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url http://www.openwall.com/lists/oss-security/2026/03/09/1
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-69219
reference_id CVE-2025-69219
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-69219
7
reference_url https://github.com/advisories/GHSA-9r5j-7r2x-rv4g
reference_id GHSA-9r5j-7r2x-rv4g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9r5j-7r2x-rv4g
fixed_packages
0
url pkg:pypi/apache-airflow-providers-http@6.0.0
purl pkg:pypi/apache-airflow-providers-http@6.0.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-http@6.0.0
aliases CVE-2025-69219, GHSA-9r5j-7r2x-rv4g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-esct-8mg3-gke8
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/apache-airflow-providers-http@2.1.2