Filters
Versions
pip/apache-airflowApache Airflow: Stored XSS Vulnerability on provider link
6.1
First published (updated )
Apache Apache-airflow-providers-fabApache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow
9.8
First published (updated )
pip/apache-airflowApache Airflow: DAG Author Code Execution possibility in airflow-scheduler
8.8
First published (updated )
pip/apache-airflowApache Airflow: Potential XSS Vulnerability
8.1
First published (updated )
Apache AirflowApache Airflow: Bypass permission verification to read code of other dags
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow: Potential pickle deserialization vulnerability in XComs
7.5
First published (updated )
pip/apache-airflow-providers-cncf-kubernetesApache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
6.5
First published (updated )
pip/apache-airflowApache Airflow: Improper access control to DAG resources
4.3
First published (updated )
pip/apache-airflowApache Airflow: Improper access control vulnerability on the "varimport" endpoint
6.5
First published (updated )
pip/apache-airflowApache Airflow: DAG Params alllow to embed unchecked Javascript
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-airflowApache Airflow: Missing CSRF protection on DAG/trigger
6.5
First published (updated )
Apache AirflowApache Airflow: Permission verification bypass allows viewing dagruns of other dags
6.5
First published (updated )
Apache AirflowApache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)
4.3
First published (updated )
pip/apache-airflowApache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
7.5
First published (updated )
Apache AirflowApache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-airflowApache Airflow: Bypass permission verification to view task instances of other dags
6.5
First published (updated )
Apache AirflowApache Airflow: Improper access control to DAG resources
6.5
First published (updated )
Apache AirflowApache Airflow: Configuration information leakage vulnerability
4.3
First published (updated )
pip/apache-airflowApache Airflow: Improper access control vulnerability in the "List dag warnings" feature
6.5
First published (updated )
Apache AirflowApache Airflow Dag Runs Broken Access Control Vulnerability
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow: Secrets can be unmasked in the "Rendered Template"
6.5
First published (updated )
Apache AirflowApache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation
5.9
First published (updated )
Apache AirflowApache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature
8.1
First published (updated )
Apache AirflowSession fixation in Apache Airflow web interface
8
First published (updated )
Apache AirflowApache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow: ReDoS via dags function
6.5
First published (updated )
Apache AirflowApache Airflow: Security vulnerability on AirFlow Connections
6.5
First published (updated )
Apache AirflowApache Airflow: Access to DAGs without relevant permission
6.5
First published (updated )
Apache AirflowApache Airflow: Information disclosure on configuration view
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow path traversal by authenticated user
7
First published (updated )
Apache AirflowApache Airflow: Privilege escalation using airflow logs
9.8
First published (updated )
Apache AirflowInformation disclosure in Apache Airflow
5.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files
5.5
First published (updated )
Apache AirflowApache Airflow Hive Provider vulnerability (command injection via hive_cli connection)
7.8
First published (updated )
Apache AirflowApache Airflow Pinot provider allowed Command Injection
9.8
First published (updated )
Apache AirflowApache Airflow: Open redirect during login
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow prior to 2.3.1 may include sensitive values in rendered template
7.5
First published (updated )
pip/apache-airflowApache Airflow <2.4.0 has an RCE in a bash example
8.8
First published (updated )
Apache AirflowApache Airflow prior to 2.4.2 has an open redirect
6.1
First published (updated )
Apache AirflowApache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
6.1
First published (updated )
Apache AirflowSession still functional after user is deactivated
8.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.