PYSEC-2025-86

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2025-86.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-86

Aliases

Published

2025-12-15T12:15:40.573Z

Modified

2026-06-10T17:00:26.439825949Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization.

Users are recommended to upgrade to version 3.1.4, which fixes this issue.

References

Affected packages

PyPI / apache-airflow

Package

Name: apache-airflow; View open source insights on deps.dev
Purl: pkg:pypi/apache-airflow

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.1.0

Fixed

3.1.4

Affected versions

3.*

3.1.0

3.1.1rc1

3.1.1rc2

3.1.1

3.1.2rc1

3.1.2rc2

3.1.2

3.1.3rc1

3.1.3

3.1.4rc1

3.1.4rc2

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/apache-airflow/PYSEC-2025-86.yaml"