Latest high severity vulnerabilities for "apache airflow"

pip/apache-airflowApache Airflow: DAG Author Code Execution possibility in airflow-scheduler

high

8.8

First published (updated )

CVE-2024-39877

pip/apache-airflowApache Airflow: Potential XSS Vulnerability

high

8.1

First published (updated )

CVE-2024-39863

Apache AirflowApache Airflow: Potential pickle deserialization vulnerability in XComs

high

7.5

First published (updated )

CVE-2023-50943

pip/apache-airflowApache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

high

7.5

First published (updated )

CVE-2023-46215

Apache AirflowApache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

high

8.1

First published (updated )

CVE-2023-37379

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Apache AirflowSession fixation in Apache Airflow web interface

high

8

First published (updated )

CVE-2023-40273

Apache AirflowApache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges

high

8.8

First published (updated )

CVE-2023-39508

Apache AirflowApache Airflow path traversal by authenticated user

high

7

First published (updated )

CVE-2023-22887

Apache AirflowApache Airflow Hive Provider vulnerability (command injection via hive_cli connection)

high

7.8

First published (updated )

CVE-2022-41131

Apache AirflowApache Airflow prior to 2.3.1 may include sensitive values in rendered template

high

7.5

First published (updated )

CVE-2022-27949

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

pip/apache-airflowApache Airflow <2.4.0 has an RCE in a bash example

high

8.8

First published (updated )

CVE-2022-40127

Apache AirflowSession still functional after user is deactivated

high

8.1

First published (updated )

CVE-2022-41672

Apache AirflowFormat String Vulnerability

high

7.5

First published (updated )

CVE-2022-40604

Apache AirflowApache Airflow: RCE in example DAGs

high

8.8

First published (updated )

CVE-2022-24288

Apache AirflowIncorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default conf…

high

7.7

First published (updated )

CVE-2020-17526

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Apache AirflowApache Airflow Command Injection

high

8.8

Exploited

First published (updated )

CVE-2020-11978

pip/apache-airflowCSRF

high

8.8

First published (updated )

CVE-2019-0229

Apache AirflowCSRF, Command Injection

high

8.8

First published (updated )

CVE-2017-17835

Apache AirflowInput Validation

high

8.8

First published (updated )

CVE-2017-15720

Apache AirflowThe LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was m…

high

7.5

First published (updated )

CVE-2018-20245

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read More Start Free Trial

Versions

pip/apache-airflowApache Airflow: DAG Author Code Execution possibility in airflow-scheduler

pip/apache-airflowApache Airflow: Potential XSS Vulnerability

Apache AirflowApache Airflow: Potential pickle deserialization vulnerability in XComs

pip/apache-airflowApache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Apache AirflowApache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

Never miss a vulnerability like this again

Apache AirflowSession fixation in Apache Airflow web interface

Apache AirflowApache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges

Apache AirflowApache Airflow path traversal by authenticated user

Apache AirflowApache Airflow Hive Provider vulnerability (command injection via hive_cli connection)

Apache AirflowApache Airflow prior to 2.3.1 may include sensitive values in rendered template

Never miss a vulnerability like this again

pip/apache-airflowApache Airflow <2.4.0 has an RCE in a bash example

Apache AirflowSession still functional after user is deactivated

Apache AirflowFormat String Vulnerability

Apache AirflowApache Airflow: RCE in example DAGs

Apache AirflowIncorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default conf…

Never miss a vulnerability like this again

Apache AirflowApache Airflow Command Injection

pip/apache-airflowCSRF

Apache AirflowCSRF, Command Injection

Apache AirflowInput Validation

Apache AirflowThe LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior to Apache Airflow 1.10.1 was m…

Never miss a vulnerability like this again

Company

Resources

Contact