apache-airflow

UNKNOWN

PyPI

CVE-2024-28746

CVE-2024-28746

Mar 14, 2024

UNKNOWN

PyPI

CVE-2024-26280

CVE-2024-26280

Mar 1, 2024

HIGH 7.5

PyPI

CVE-2025-68675

CVE-2025-68675

Jan 16, 2026

HIGH 8.8

PyPI

CVE-2024-45498

CVE-2024-45498

Sep 7, 2024

UNKNOWN

PyPI

CVE-2023-50944

CVE-2023-50944

Jan 24, 2024

UNKNOWN

PyPI

CVE-2023-50943

CVE-2023-50943

Jan 24, 2024

MEDIUM 6.5

PyPI

CVE-2026-22922

CVE-2026-22922

Feb 9, 2026

MEDIUM 5.4

PyPI

CVE-2024-32077

CVE-2024-32077

May 14, 2024

UNKNOWN

PyPI

CVE-2023-35005

CVE-2023-35005

Jun 19, 2023

UNKNOWN

PyPI

CVE-2023-29247

CVE-2023-29247

May 8, 2023

UNKNOWN

PyPI

CVE-2023-25754

CVE-2023-25754

May 8, 2023

MEDIUM 6.5

PyPI

CVE-2026-34538

CVE-2026-34538

Apr 9, 2026

HIGH 7.5

PyPI

CVE-2025-66236

CVE-2025-66236

Apr 13, 2026

HIGH 7.5

PyPI

CVE-2025-68438

CVE-2025-68438

Jan 16, 2026

LOW 3.7

PyPI

CVE-2026-32690

CVE-2026-32690

Apr 18, 2026

HIGH 8.1

PyPI

CVE-2026-30911

CVE-2026-30911

Mar 17, 2026

HIGH 8.8

PyPI

CVE-2026-33858

CVE-2026-33858

Apr 13, 2026

HIGH 7.5

PyPI

CVE-2026-28779

CVE-2026-28779

Mar 17, 2026

MEDIUM 4.3

PyPI

CVE-2026-28563

CVE-2026-28563

Mar 17, 2026

MEDIUM 6.5

PyPI

CVE-2026-24098

CVE-2026-24098

Feb 9, 2026

MEDIUM 6.5

PyPI

CVE-2025-54831

CVE-2025-54831

Sep 26, 2025

MEDIUM 6.5

PyPI

CVE-2025-66388

CVE-2025-66388

Dec 15, 2025

MEDIUM 6.5

PyPI

CVE-2026-26929

CVE-2026-26929

Mar 17, 2026

UNKNOWN

PyPI

CVE-2024-27906

CVE-2024-27906

Feb 29, 2024

UNKNOWN

PyPI

CVE-2024-45034

CVE-2024-45034

Sep 7, 2024

MEDIUM 5.5

PyPI

CVE-2024-25142

CVE-2024-25142

Jun 14, 2024

HIGH 8.8

PyPI

CVE-2024-39877

CVE-2024-39877

Jul 17, 2024

MEDIUM 6.1

PyPI

CVE-2024-41937

CVE-2024-41937

Aug 21, 2024

MEDIUM 5.4

PyPI

CVE-2024-39863

CVE-2024-39863

Jul 17, 2024

MEDIUM 6.5

PyPI

CVE-2023-50783

CVE-2023-50783

Dec 21, 2023

MEDIUM 6.5

PyPI

CVE-2023-42792

CVE-2023-42792

Oct 14, 2023

MEDIUM 6.5

PyPI

CVE-2023-49920

CVE-2023-49920

Dec 21, 2023

MEDIUM 4.3

PyPI

CVE-2023-45348

CVE-2023-45348

Oct 14, 2023

MEDIUM 6.5

PyPI

CVE-2023-42780

CVE-2023-42780

Oct 14, 2023

UNKNOWN

PyPI

CVE-2023-25695

CVE-2023-25695

Mar 15, 2023

UNKNOWN

PyPI

CVE-2023-42663

CVE-2023-42663

Oct 14, 2023

UNKNOWN

PyPI

CVE-2023-47037

CVE-2023-47037

Nov 12, 2023

MEDIUM 4.3

PyPI

CVE-2023-48291

CVE-2023-48291

Dec 21, 2023

MEDIUM 5.4

PyPI

CVE-2023-47265

CVE-2023-47265

Dec 21, 2023

UNKNOWN

PyPI

CVE-2023-40712

CVE-2023-40712

Sep 12, 2023

UNKNOWN

PyPI

CVE-2023-42781

CVE-2023-42781

Nov 12, 2023

MEDIUM 4.3

PyPI

CVE-2023-46288

CVE-2023-46288

Oct 23, 2023

UNKNOWN

PyPI

CVE-2023-40611

CVE-2023-40611

Sep 12, 2023

HIGH 8.1

PyPI

CVE-2023-37379

CVE-2023-37379

Aug 23, 2023

UNKNOWN

PyPI

CVE-2023-39508

CVE-2023-39508

Aug 5, 2023

UNKNOWN

PyPI

CVE-2023-35908

CVE-2023-35908

Jul 12, 2023

UNKNOWN

PyPI

CVE-2023-36543

CVE-2023-36543

Jul 12, 2023

HIGH 8.0

PyPI

CVE-2023-40273

CVE-2023-40273

Aug 23, 2023

UNKNOWN

PyPI

CVE-2022-40754

CVE-2022-40754

Sep 21, 2022

UNKNOWN

PyPI

CVE-2022-27949

CVE-2022-27949

Nov 14, 2022

UNKNOWN

PyPI

CVE-2022-43985

CVE-2022-43985

Nov 2, 2022

UNKNOWN

PyPI

CVE-2023-22887

CVE-2023-22887

Jul 12, 2023

UNKNOWN

PyPI

CVE-2022-41672

CVE-2022-41672

Oct 7, 2022

UNKNOWN

PyPI

CVE-2022-45402

CVE-2022-45402

Nov 15, 2022

UNKNOWN

PyPI

CVE-2022-46651

CVE-2022-46651

Jul 12, 2023

UNKNOWN

PyPI

CVE-2022-40127

CVE-2022-40127

Nov 14, 2022

UNKNOWN

PyPI

CVE-2022-43982

CVE-2022-43982

Nov 2, 2022

UNKNOWN

PyPI

CVE-2023-22888

CVE-2023-22888

Jul 12, 2023

UNKNOWN

PyPI

CVE-2022-40604

CVE-2022-40604

Sep 21, 2022

UNKNOWN

PyPI

CVE-2017-12614

CVE-2017-12614

Aug 6, 2018

UNKNOWN

PyPI

CVE-2025-66236

Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Apr 13, 2026

LOW 3.7

PyPI

CVE-2026-32690

Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries

Apr 18, 2026

HIGH 8.8

PyPI

CVE-2026-33858

Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

Apr 13, 2026

UNKNOWN

PyPI

CVE-2025-54831

Apache Airflow: Connection sensitive details exposed to users with READ permissions

Sep 26, 2025

HIGH 8.8

PyPI

CVE-2024-45498

Apache Airflow vulnerable to Improper Encoding or Escaping of Output

Sep 7, 2024

MEDIUM 6.5

PyPI

CVE-2026-34538

Apache Airflow has an authorization bypass in DagRun wait endpoint

Apr 9, 2026

MEDIUM 5.4

PyPI

CVE-2024-32077

Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

May 14, 2024

MEDIUM 4.3

PyPI

CVE-2026-28563

Apache Airflow: DAG authorization bypass

Mar 17, 2026

HIGH 7.5

PyPI

CVE-2025-68675

Apache Airflow proxy credentials for various providers might leak in task logs

Jan 16, 2026

HIGH 8.1

PyPI

CVE-2026-30911

Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization

Mar 17, 2026

MEDIUM 6.5

PyPI

CVE-2025-66388

Apache Airflow exposes secret values to authenticated UI users via rendered templates

Dec 15, 2025

HIGH 7.5

PyPI

CVE-2025-68438

Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated

Jan 16, 2026

HIGH 7.5

PyPI

CVE-2026-26929

Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata

Mar 17, 2026

HIGH 7.5

PyPI

CVE-2026-28779

Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Mar 17, 2026

MEDIUM 6.5

PyPI

CVE-2026-22922

Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access

Feb 9, 2026

HIGH 7.5

PyPI

CVE-2026-41084

CVE-2026-41084

Jun 1, 2026

MEDIUM 4.3

PyPI

CVE-2026-41014

CVE-2026-41014

Jun 1, 2026

HIGH 7.3

PyPI

CVE-2026-45360

CVE-2026-45360

Jun 1, 2026

LOW 3.1

PyPI

CVE-2026-45426

CVE-2026-45426

Jun 1, 2026

HIGH 8.8

PyPI

CVE-2026-42359

CVE-2026-42359

Jun 1, 2026

MEDIUM 6.5

PyPI

CVE-2026-45192

CVE-2026-45192

Jun 1, 2026

MEDIUM 6.5

PyPI

CVE-2026-48726

CVE-2026-48726

Jun 1, 2026

MEDIUM 5.9

PyPI

CVE-2026-41017

CVE-2026-41017

Jun 1, 2026

MEDIUM 6.5

PyPI

CVE-2026-40861

CVE-2026-40861

Jun 1, 2026

CRITICAL 9.1

PyPI

CVE-2026-42252

CVE-2026-42252

Jun 1, 2026

MEDIUM 6.5

PyPI

CVE-2026-42360

CVE-2026-42360

Jun 1, 2026

CRITICAL 9.8

PyPI

CVE-2024-42447

CVE-2024-42447

Aug 5, 2024

HIGH 7.5

PyPI

CVE-2026-30912

CVE-2026-30912

Apr 18, 2026

HIGH 7.2

PyPI

CVE-2026-25917

CVE-2026-25917

Apr 18, 2026

CRITICAL 9.8

PyPI

CVE-2025-67895

CVE-2025-67895

Dec 17, 2025

CRITICAL 9.8

PyPI

CVE-2023-25693

CVE-2023-25693

Feb 24, 2023

MEDIUM 6.5

PyPI

CVE-2026-24098

Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users

Feb 9, 2026

MEDIUM 4.3

PyPI

CVE-2026-40690

Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions

Apr 24, 2026

MEDIUM 4.3

PyPI

CVE-2026-38743

Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record

Apr 24, 2026

HIGH 7.5

PyPI

CVE-2026-31987

Apache Airflow: JWT token appearing in logs

Apr 16, 2026

HIGH 8.1

PyPI

CVE-2025-54550

Apache Airflow: RCE by race condition in example_xcom dag

Apr 16, 2026

MEDIUM 6.5

PyPI

CVE-2026-25219

Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access

Apr 15, 2026

CRITICAL 9.1

PyPI

CVE-2025-57735

Apache Airflow: JWT token still valid after logout

Apr 9, 2026

MEDIUM 4.8

PyPI

CVE-2026-32794

Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks Provider K8s Token Exchange

Mar 31, 2026

MEDIUM 6.5

PyPI

CVE-2025-27555

Apache Airflow exposes sensitive information in its log files

Feb 24, 2026