Vulnerabilities

ID | Packages | Summary | Published | Attributes
---|---|---|---|---
GHSA-5w6h-pjw6-wvc6 | PyPI/apache-airflow-providers-keycloak | apache-airflow-providers-keycloak: Missing OAuth 2.0 State and PKCE Enables Login CSRF and Session Fixation | 18 Apr | Fix available; Severity 5.4 (Medium)
GHSA-6ffj-2wg2-w45j | PyPI/apache-airflow-core | Apache Airflow allows code execution through crafted XCom payloads | 18 Apr | Fix available; Severity 9.8 (Critical)
GHSA-h97w-pm3w-mwmc | PyPI/apache-airflow-core | Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions | 18 Apr | Fix available; Severity 7.5 (High)
GHSA-w7cf-2pmc-5m4c | PyPI/apache-airflow-core | Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false | 18 Apr | Fix available; Severity 5.3 (Medium)
GHSA-w9r4-94fj-xp69 | PyPI/apache-airflow-core | Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries | 18 Apr | Fix available; Severity 3.7 (Low)
GHSA-phv5-vq5p-qhp7 | PyPI/apache-airflow | Apache Airflow: JWT token appearing in logs | 16 Apr | Fix available; Severity 6.9 (Medium)
GHSA-q2hg-643c-gw8h | PyPI/apache-airflow | Apache Airflow: RCE by race condition in example_xcom dag | 16 Apr | Fix available; Severity 8.1 (High)
GHSA-4g48-54q2-fg7q | PyPI/apache-airflow | Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access | 15 Apr | Fix available; Severity 6.5 (Medium)
GHSA-mc4f-r875-v87w | PyPI/apache-airflow | Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API | 13 Apr | Fix available; Severity 8.8 (High)
GHSA-j86x-fwp2-qh7v | PyPI/apache-airflow | Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI | 13 Apr | Fix available; Severity 5.3 (Medium)
GHSA-c92r-g8j5-vhcx | PyPI/apache-airflow | Apache Airflow: JWT token still valid after logout | 09 Apr | Fix available; Severity 9.1 (Critical)
GHSA-r7vr-m4jw-r794 | PyPI/apache-airflow | Apache Airflow has an authorization bypass in DagRun wait endpoint | 09 Apr | Fix available; Severity 6.5 (Medium)
GHSA-wrpj-755p-x363 | PyPI/apache-airflow | Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange | 31 Mar | Fix available; Severity 4.8 (Medium)
GHSA-4fhm-p86v-hwpx | PyPI/apache-airflow | Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications | 17 Mar | Fix available; Severity 7.5 (High)
GHSA-8x34-9q3v-h7g8 | PyPI/apache-airflow | Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization | 17 Mar | Fix available; Severity 8.1 (High)
GHSA-x3fv-96qh-67m7 | PyPI/apache-airflow | Apache Airflow: DAG authorization bypass | 17 Mar | Fix available; Severity 4.3 (Medium)