Filter
Versions
pip/apache-airflowApache Airflow: Stored XSS Vulnerability on provider link
6.1
First published (updated )
pip/apache-airflowApache Airflow: Potential XSS Vulnerability
8.1
First published (updated )
pip/apache-airflowApache Airflow: DAG Author Code Execution possibility in airflow-scheduler
8.8
First published (updated )
pip/apache-airflowApache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
5.5
First published (updated )
pip/apache-airflowApache Airflow: Ignored Airflow Permissions
8.1
EPSS
0.04%
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow: XSS vulnerability in Task Instance Log/Log Details
5.4
First published (updated )
pip/apache-airflowApache Airflow: Improper access control vulnerability on the "varimport" endpoint
6.5
First published (updated )
pip/apache-airflowApache Airflow: Missing CSRF protection on DAG/trigger
6.5
First published (updated )
pip/apache-airflowApache Airflow: Improper access control to DAG resources
4.3
First published (updated )
pip/apache-airflowApache Airflow: DAG Params alllow to embed unchecked Javascript
5.4
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)
4.3
First published (updated )
Apache AirflowApache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
4.3
First published (updated )
pip/apache-airflowApache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
7.5
First published (updated )
Apache AirflowSession fixation in Apache Airflow web interface
8
First published (updated )
Apache AirflowApache Airflow: Open redirect during login
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow prior to 2.4.2 has an open redirect
6.1
First published (updated )
Apache AirflowApache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
6.1
First published (updated )
pip/apache-airflowApache Airflow's Experimental API Authentication Bypass
First published (updated )
Apache AirflowApache Airflow Command Injection
First published (updated )
Apache AirflowApache Airflow: Privilege escalation using airflow logs
9.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache Apache-airflow-providers-fabApache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow
9.8
First published (updated )
pip/apache-airflow-providers-cncf-kubernetesApache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
6.5
First published (updated )
Apache AirflowApache Airflow: Information disclosure on configuration view
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow: ReDoS via dags function
6.5
First published (updated )
Apache AirflowApache Airflow: Security vulnerability on AirFlow Connections
6.5
First published (updated )
Apache AirflowApache Airflow path traversal by authenticated user
7
First published (updated )
Apache AirflowApache Airflow: Access to DAGs without relevant permission
6.5
First published (updated )
Apache AirflowApache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges
8.8
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.