Filter
AND
-Infinity
0

Trending

Last week
Last month
Last year

Apache AirflowApache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow

critical
9.8
First published (updated )
CVE-2023-22884

pip/apache-airflowApache Airflow: Stored XSS Vulnerability on provider link

medium
6.1
First published (updated )
CVE-2024-41937

pip/apache-airflowApache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

medium
5.5
First published (updated )
CVE-2024-25142

pip/apache-airflow-providers-fabApache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow

critical
9.8
First published (updated )
CVE-2024-42447

pip/apache-airflowApache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used

medium
5.3
EPSS
0.04%
First published (updated )
CVE-2024-31869

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Flask-AppBuilderObservable Response Discrepancy in Flask-AppBuilder

medium
5.3
First published (updated )
CVE-2021-29621

Apache AirflowApache Airflow's Experimental API Authentication Bypass

critical
9.8
Exploited
First published (updated )
CVE-2020-13927

Apache AirflowApache Airflow Command Injection

high
8.8
Exploited
First published (updated )
CVE-2020-11978

Apache AirflowApache Airflow: Potential pickle deserialization vulnerability in XComs

high
7.5
First published (updated )
CVE-2023-50943

Apache AirflowApache Airflow: Bypass permission verification to read code of other dags

medium
6.5
First published (updated )
CVE-2023-50944

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-airflowApache Airflow: DAG Params alllow to embed unchecked Javascript

medium
5.4
First published (updated )
CVE-2023-47265

Apache AirflowApache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)

medium
4.3
First published (updated )
CVE-2023-47037

pip/apache-airflowApache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

high
7.5
First published (updated )
CVE-2023-46215

pip/apache-airflowApache Airflow: Bypass permission verification to view task instances of other dags

medium
6.5
First published (updated )
CVE-2023-42663

Apache AirflowApache Airflow Dag Runs Broken Access Control Vulnerability

medium
4.3
First published (updated )
CVE-2023-40611

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache AirflowApache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

high
8.1
First published (updated )
CVE-2023-37379

Apache AirflowApache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges

high
8.8
First published (updated )
CVE-2023-39508

Apache AirflowApache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set

medium
4.3
First published (updated )
CVE-2023-46288

Apache AirflowApache Airflow: Configuration information leakage vulnerability

medium
4.3
First published (updated )
CVE-2023-45348

Apache AirflowApache Airflow: Improper access control to DAG resources

medium
6.5
First published (updated )
CVE-2023-42792

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Apache AirflowApache Airflow: Privilege escalation using airflow logs

critical
9.8
First published (updated )
CVE-2023-25754

Apache AirflowInformation disclosure in Apache Airflow

medium
5.3
First published (updated )
CVE-2023-25695

pip/apache-airflowApache Airflow: Potential XSS Vulnerability

high
8.1
First published (updated )
CVE-2024-39863

pip/apache-airflowApache Airflow: DAG Author Code Execution possibility in airflow-scheduler

high
8.8
First published (updated )
CVE-2024-39877

pip/apache-airflowApache Airflow: Improper access control vulnerability on the "varimport" endpoint

medium
6.5
First published (updated )
CVE-2023-50783

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/apache-airflowApache Airflow: Missing CSRF protection on DAG/trigger

medium
6.5
First published (updated )
CVE-2023-49920

pip/apache-airflowApache Airflow: Improper access control to DAG resources

medium
4.3
First published (updated )
CVE-2023-48291

Apache AirflowSession fixation in Apache Airflow web interface

high
8
First published (updated )
CVE-2023-40273

Apache AirflowApache Airflow: Open redirect during login

medium
6.1
First published (updated )
CVE-2022-45402

Apache AirflowApache Airflow prior to 2.4.2 has an open redirect

medium
6.1
First published (updated )
CVE-2022-43985

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203