Filter
-Infinity
0

Trending

Last week
Last month
Last year

Apache Airflow 3End of life

First published (updated )
EOL-apache-airflow-3

CVE-2025-30473: Apache Airflow Common SQL Provider: mote Code Execution via Sql Injection

First published (updated )
https://seclists.org/oss-sec/2025/q2/18

CVE-2025-30473: Apache Airflow Common SQL Provider: mote Code Execution via Sql Injection

First published (updated )
https://seclists.org/oss-sec/2025/q2/17

CVE-2025-30473: Apache Airflow Common SQL Provider: mote Code Execution via Sql Injection

First published (updated )
https://seclists.org/oss-sec/2025/q2/16

Apache Airflow 2End of life

First published (updated )
latest-version-apache-airflow-2

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache Airflow 2End of life

First published (updated )
EOL-apache-airflow-2

pip/apache-airflowApache Airflow: Stored XSS Vulnerability on provider link

medium
6.1
First published (updated )
CVE-2024-41937

pip/apache-airflow-providers-fabApache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow

critical
9.8
First published (updated )
CVE-2024-42447

pip/apache-airflowApache Airflow: DAG Author Code Execution possibility in airflow-scheduler

high
8.8
First published (updated )
CVE-2024-39877

pip/apache-airflowApache Airflow: Potential XSS Vulnerability

high
8.1
First published (updated )
CVE-2024-39863

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-airflowApache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

medium
5.5
First published (updated )
CVE-2024-25142

pip/apache-airflowApache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-31869

pip/apache-airflowApache Airflow: Potentially harmful permission changing by log task handler

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-29735

pip/apache-airflowApache Airflow: Overly broad default permissions for Viewer/Ops (audit logs)

medium
4.7
EPSS
0.04%
First published (updated )
CVE-2024-26280

pip/apache-airflowApache Airflow: Dag Code and Import Error Permissions Ignored

medium
5.9
EPSS
0.04%
First published (updated )
CVE-2024-27906

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache AirflowApache Airflow: Bypass permission verification to read code of other dags

medium
6.5
First published (updated )
CVE-2023-50944

Apache AirflowApache Airflow: Potential pickle deserialization vulnerability in XComs

high
7.5
First published (updated )
CVE-2023-50943

Apache AirflowApache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service

medium
6.5
First published (updated )
CVE-2023-51702

pip/apache-airflowApache Airflow: Improper access control to DAG resources

medium
4.3
First published (updated )
CVE-2023-48291

pip/apache-airflowApache Airflow: Improper access control vulnerability on the "varimport" endpoint

medium
6.5
First published (updated )
CVE-2023-50783

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-airflowApache Airflow: DAG Params alllow to embed unchecked Javascript

medium
5.4
First published (updated )
CVE-2023-47265

pip/apache-airflowApache Airflow: Missing CSRF protection on DAG/trigger

medium
6.5
First published (updated )
CVE-2023-49920

Apache AirflowApache Airflow: Permission verification bypass allows viewing dagruns of other dags

medium
6.5
First published (updated )
CVE-2023-42781

Apache AirflowApache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)

medium
4.3
First published (updated )
CVE-2023-47037

pip/apache-airflowApache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

high
7.5
First published (updated )
CVE-2023-46215

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

CVE-2023-46215: Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

First published (updated )
https://seclists.org/oss-sec/2023/q4/193

Apache AirflowApache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set

medium
4.3
First published (updated )
CVE-2023-46288

pip/apache-airflowApache Airflow: Bypass permission verification to view task instances of other dags

medium
6.5
First published (updated )
CVE-2023-42663

Apache AirflowApache Airflow: Improper access control to DAG resources

medium
6.5
First published (updated )
CVE-2023-42792

Apache AirflowApache Airflow: Configuration information leakage vulnerability

medium
4.3
First published (updated )
CVE-2023-45348

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203