Filter
AND
AND
Versions
pip/apache-airflowApache Airflow: Stored XSS Vulnerability on provider link
6.1
First published (updated )
pip/apache-airflowApache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache
5.5
First published (updated )
Apache AirflowApache Airflow: XSS vulnerability in Task Instance Log/Log Details
5.4
First published (updated )
Apache AirflowApache Airflow: Bypass permission verification to read code of other dags
6.5
First published (updated )
pip/apache-airflow-providers-cncf-kubernetesApache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-airflowApache Airflow: Improper access control to DAG resources
4.3
First published (updated )
pip/apache-airflowApache Airflow: Improper access control vulnerability on the "varimport" endpoint
6.5
First published (updated )
pip/apache-airflowApache Airflow: DAG Params alllow to embed unchecked Javascript
5.4
First published (updated )
pip/apache-airflowApache Airflow: Missing CSRF protection on DAG/trigger
6.5
First published (updated )
Apache AirflowApache Airflow: Permission verification bypass allows viewing dagruns of other dags
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)
4.3
First published (updated )
Apache AirflowApache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
4.3
First published (updated )
pip/apache-airflowApache Airflow: Bypass permission verification to view task instances of other dags
6.5
First published (updated )
Apache AirflowApache Airflow: Improper access control to DAG resources
6.5
First published (updated )
Apache AirflowApache Airflow: Configuration information leakage vulnerability
4.3
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
pip/apache-airflowApache Airflow: Improper access control vulnerability in the "List dag warnings" feature
6.5
First published (updated )
Apache AirflowApache Airflow Dag Runs Broken Access Control Vulnerability
4.3
First published (updated )
Apache AirflowApache Airflow: Secrets can be unmasked in the "Rendered Template"
6.5
First published (updated )
Apache AirflowApache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation
5.9
First published (updated )
Apache AirflowApache Airflow: ReDoS via dags function
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowApache Airflow: Security vulnerability on AirFlow Connections
6.5
First published (updated )
Apache AirflowApache Airflow: Access to DAGs without relevant permission
6.5
First published (updated )
Apache AirflowApache Airflow: Information disclosure on configuration view
6.5
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Apache AirflowInformation disclosure in Apache Airflow
5.3
First published (updated )
Apache AirflowApache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files
5.5
First published (updated )
Apache AirflowApache Airflow: Open redirect during login
6.1
First published (updated )
Apache AirflowApache Airflow prior to 2.4.2 has an open redirect
6.1
First published (updated )
Apache AirflowApache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
6.1
First published (updated )
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.