Search for packages
| purl | pkg:pypi/apache-airflow@3.0.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1azm-hsvr-f3e8
Aliases: CVE-2023-25693 GHSA-j69x-v4wc-3fpf PYSEC-2023-314 |
Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. |
Affected by 14 other vulnerabilities. |
|
VCID-2u2j-n9c2-3bbn
Aliases: CVE-2025-62503 GHSA-gp5f-cx7h-8q6f |
Apache Airflow's create action can upsert existing Pools/Connections/Variables User with CREATE and no UPDATE privilege for Pools, Connections, Variables could update existing records via bulk create API with overwrite action. |
Affected by 14 other vulnerabilities. |
|
VCID-76ne-uynm-3bbr
Aliases: CVE-2025-62402 GHSA-273c-4g26-4jpm |
Apache Airflow `/api/v2/dagReports` executes DAG Python in API API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available. |
Affected by 14 other vulnerabilities. |
|
VCID-9x6r-5m59-yyap
Aliases: BIT-airflow-2025-66236 CVE-2025-66236 GHSA-j86x-fwp2-qh7v PYSEC-2026-8 |
Before Airflow 3.2.0, it was unclear that secure Airflow deployments require the Deployment Manager to take appropriate actions and pay attention to security details and security model of Airflow. Some assumptions the Deployment Manager could make were not clear or explicit enough, even though Airflow's intentions and security model of Airflow did not suggest different assumptions. The overall security model [1], workload isolation [2], and JWT authentication details [3] are now described in more detail. Users concerned with role isolation and following the Airflow security model of Airflow are advised to upgrade to Airflow 3.2, where several security improvements have been implemented. They should also read and follow the relevant documents to make sure that their deployment is secure enough. It also clarifies that the Deployment Manager is ultimately responsible for securing your Airflow deployment. This had also been communicated via Airflow 3.2.0 Blog announcement [4]. [1] Security Model: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [2] Workload isolation: https://airflow.apache.org/docs/apache-airflow/stable/security/workload.html [3] JWT Token authentication: https://airflow.apache.org/docs/apache-airflow/stable/security/jwt_token_authentication.html [4] Airflow 3.2.0 Blog announcement: https://airflow.apache.org/blog/airflow-3.2.0/ Users are recommended to upgrade to version 3.2.0, which fixes this issue. |
Affected by 0 other vulnerabilities. |
|
VCID-bv7f-s53t-uqe4
Aliases: BIT-airflow-2026-34538 CVE-2026-34538 GHSA-r7vr-m4jw-r794 PYSEC-2026-21 |
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security model documentation that defines the Viewer role as read-only. Airflow uses the FAB Auth Manager to manage access control on a per-resource basis. The Viewer role is intended to be read-only by default, and the security model documentation defines Viewer users as those who can inspect DAGs without accessing sensitive execution results. Users are recommended to upgrade to Apache Airflow 3.2.0 which resolves this issue. |
Affected by 0 other vulnerabilities. |
|
VCID-g8pv-cam5-d7dj
Aliases: BIT-airflow-2026-28779 CVE-2026-28779 GHSA-4fhm-p86v-hwpx PYSEC-2026-16 |
Apache Airflow versions 3.1.0 through 3.1.7Â session token (_token) in cookies is set to path=/ regardless of the configured [webserver] base_url or [api] base_url. This allows any application co-hosted under the same domain to capture valid Airflow session tokens from HTTP request headers, allowing full session takeover without attacking Airflow itself. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue. |
Affected by 6 other vulnerabilities. |
|
VCID-gyqp-7gr9-v3e6
Aliases: CVE-2025-54941 GHSA-v3c9-j6h9-66v4 |
Apache Airflow has a command injection vulnerability in "example_dag_decorator" An example dag `example_dag_decorator` had non-validated parameter that allowed the UI user to redirect the example to a malicious server and execute code on worker. This however required that the example dags are enabled in production (not default) or the example dag code copied to build your own similar dag. If you used the `example_dag_decorator` please review it and apply the changes implemented in Airflow 3.0.5 accordingly. |
Affected by 11 other vulnerabilities. |
|
VCID-j6uh-kx6m-sydp
Aliases: BIT-airflow-2026-25917 CVE-2026-25917 GHSA-6ffj-2wg2-w45j PYSEC-2026-13 |
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly trusted, severity of this issue is Low. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-m3ff-jty5-3uhw
Aliases: BIT-airflow-2026-26929 CVE-2026-26929 GHSA-4m3h-wp5w-5hqh PYSEC-2026-14 |
Apache Airflow versions 3.0.0 through 3.1.7Â FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request is made with dag_id set to "~" (wildcard for all DAGs). As a result, version metadata of DAGs that the requester is not authorized to access is returned. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue. |
Affected by 6 other vulnerabilities. |
|
VCID-nrc9-bdc2-dfes
Aliases: BIT-airflow-2026-28563 CVE-2026-28563 GHSA-x3fv-96qh-67m7 PYSEC-2026-15 |
Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to upgrade to Apache Airflow 3.1.8 or later, which resolves this issue. |
Affected by 6 other vulnerabilities. |
|
VCID-pvh4-3wng-ekdq
Aliases: BIT-airflow-2026-32690 CVE-2026-32690 GHSA-w9r4-94fj-xp69 PYSEC-2026-19 |
Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not store variables with sensitive values in JSON form, you are not affected. Otherwise please upgrade to Apache Airflow 3.2.0 that has the fix implemented |
Affected by 0 other vulnerabilities. |
|
VCID-tpjn-4kru-vucv
Aliases: BIT-airflow-2026-30912 CVE-2026-30912 GHSA-w7cf-2pmc-5m4c PYSEC-2026-18 |
In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue. |
Affected by 0 other vulnerabilities. |
|
VCID-vras-f42j-xqfg
Aliases: BIT-airflow-2025-68675 CVE-2025-68675 GHSA-7c2f-r6gc-h92h PYSEC-2026-10 |
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed. Users are recommended to upgrade to 3.1.6 or later for Airflow 3, and 2.11.1 or later for Airflow 2 which fixes this issue |
Affected by 11 other vulnerabilities. |
|
VCID-vwv4-7y7y-9fcj
Aliases: BIT-airflow-2026-24098 CVE-2026-24098 GHSA-5g2w-9f8g-g5q7 PYSEC-2026-12 |
Apache Airflow versions 3.0.0 - 3.1.7, has vulnerability that allows authenticated UI users with permission to one or more specific Dags to view import errors generated by other Dags they did not have access to. Users are advised to upgrade to 3.1.7 or later, which resolves this issue |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||