Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-hgq2-kuex-y3a3
Vulnerability ID VCID-hgq2-kuex-y3a3
Aliases CVE-2023-42663
GHSA-32wr-qqw6-5mfp
PYSEC-2023-197
Summary Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user who has access to read specific DAGs only, to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00401 https://api.first.org/data/v1/epss?cve=CVE-2023-42663
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2023-42663
https://github.com/apache/airflow
https://github.com/apache/airflow/pull/34315
https://github.com/pypa/advisory-database/tree/main/vulns/apache-airflow/PYSEC-2023-197.yaml
https://lists.apache.org/thread/xj86cvfkxgd0cyqfmz6mh1bsfc61c6o9
CVE-2023-42663 https://nvd.nist.gov/vuln/detail/CVE-2023-42663
GHSA-32wr-qqw6-5mfp https://github.com/advisories/GHSA-32wr-qqw6-5mfp
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.61013
EPSS Score 0.00401
Published At May 30, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-30T20:32:53.173773+00:00 Pypa Importer Import https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2023-197.yaml 38.6.0