Filter
-Infinity
0
Trending
pip/apache-airflowApache Airflow: Overly broad default permissions for Viewer/Ops (audit logs)
4.7
EPSS
0.04%
First published (updated )
pip/apache-airflowApache Airflow: Potentially harmful permission changing by log task handler
5.3
EPSS
0.04%
First published (updated )
pip/apache-airflowApache Airflow: Dag Code and Import Error Permissions Ignored
5.9
EPSS
0.04%
First published (updated )
Apache AirflowApache Airflow prior to 2.4.2 has an open redirect
6.1
First published (updated )
Apache AirflowApache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow prior to 2.3.1 may include sensitive values in rendered template
7.5
First published (updated )
pip/apache-airflowApache Airflow <2.4.0 has an RCE in a bash example
8.8
First published (updated )
Apache AirflowApache Airflow: Open redirect during login
6.1
First published (updated )
Apache AirflowApache Airflow Hive Provider vulnerability (command injection via hive_cli connection)
7.8
First published (updated )
pip/apache-airflowApache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files
5.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-airflowApache Airflow Pinot provider allowed Command Injection
9.8
First published (updated )
Apache Airflow 3End of life
First published (updated )
CVE-2025-30473: Apache Airflow Common SQL Provider: mote Code Execution via Sql Injection
First published (updated )
CVE-2025-30473: Apache Airflow Common SQL Provider: mote Code Execution via Sql Injection
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-30473: Apache Airflow Common SQL Provider: mote Code Execution via Sql Injection
First published (updated )
Apache AirflowApache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
9.8
First published (updated )
pip/apache-airflowApache Airflow: Stored XSS Vulnerability on provider link
6.1
First published (updated )
pip/apache-airflowApache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
5.5
First published (updated )
pip/apache-airflow-providers-fabApache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-airflowApache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
5.3
EPSS
0.04%
First published (updated )
Flask-AppBuilderObservable Response Discrepancy in Flask-AppBuilder
5.3
First published (updated )
Apache AirflowApache Airflow's Experimental API Authentication Bypass
First published (updated )
Apache AirflowApache Airflow Command Injection
First published (updated )
Apache AirflowApache Airflow: Potential pickle deserialization vulnerability in XComs
7.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow: Bypass permission verification to read code of other dags
6.5
First published (updated )
pip/apache-airflowApache Airflow: DAG Params alllow to embed unchecked Javascript
5.4
First published (updated )
Apache AirflowApache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)
4.3
First published (updated )
pip/apache-airflowApache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
7.5
First published (updated )
pip/apache-airflowApache Airflow: Bypass permission verification to view task instances of other dags
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.