Latest version: v2.10.3
CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
---|---|---|---|---|---|
CVE-2021-45230 | 54733 | In Apache Airflow prior to 2.2.0. This CVE applies to a specific case… | | MEDIUM | 6.5 |
CVE-2021-28359 | 40341 | Apache-airflow 1.10.15 and 2.0.2 include a fix for CVE-2021-28359: Th… | | MEDIUM | 6.1 |
CVE-2024-39863 | 72254 | Affected versions of Apache Airflow have a vulnerability that allows … | | MEDIUM | 5.4 |
CVE-2024-25142 | 71856 | Use of Web Browser Cache Containing Sensitive Information vulnerabili… | | MEDIUM | 5.5 |
CVE-2024-32077 | 71634 | Apache Airflow affected versions have a vulnerability that allows an … | | MEDIUM | 5.4 |
CVE-2024-31869 | 71686 | Airflow versions affected versions have a vulnerability that allows a… | | - | - |
CVE-2024-29735 | 71685 | Apache Airflow affected versions have a vulnerability related to impr… | | - | - |
CVE-2024-26280 | 68489 | Affected versions of Apache Airflow allow authenticated Ops and Viewe… | | - | - |
CVE-2024-28746 | 71633 | Apache Airflow affected versions has a vulnerability that allows an a… | | HIGH | 8.1 |
CVE-2023-42781 | 65391 | Apache Airflow, versions before 2.7.3, has a vulnerability that allow… | | MEDIUM | 6.5 |
CVE-2023-47037 | 65387 | Compromising versions of Apache Airflow allow authenticated and DAG-v… | | MEDIUM | 4.3 |
CVE-2023-42792 | 65390 | A security vulnerability exists in versions of Apache Airflow that en… | | MEDIUM | 6.5 |
CVE-2023-42663 | 65393 | Apache Airflow contains a vulnerability where an authorized user with… | | MEDIUM | 6.5 |
CVE-2023-42780 | 65392 | A security flaw in Apache Airflow allows authenticated users to view … | | MEDIUM | 6.5 |
CVE-2023-40712 | 65521 | Apache Airflow, versions before 2.7.1, is affected by a vulnerability… | | MEDIUM | 6.5 |
CVE-2023-40611 | 65394 | Versions of Apache Airflow are susceptible to a vulnerability permitt… | | MEDIUM | 4.3 |
CVE-2023-49920 | 65198 | Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that… | | MEDIUM | 6.5 |
CVE-2023-45348 | 65389 | Apache Airflow is vulnerable to unauthorized sensitive configuration … | | MEDIUM | 4.3 |
CVE-2023-40273 | 65797 | A session fixation vulnerability allows authenticated users to contin… | | HIGH | 8.0 |
CVE-2023-37379 | 65002 | Apache Airflow, in versions prior to 2.7.0, contains a security vulne… | | HIGH | 8.1 |
CVE-2023-39441 | 65020 | Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provid… | | MEDIUM | 5.9 |
PVE-2023-60962 | 60962 | Apache-airflow 2.7.0 disables support for the deserialize flag by def… | | - | - |
PVE-2023-60952 | 60952 | Apache-airflow 2.7.0 disables default allowing the testing of connect… | | - | - |
CVE-2023-35908 | 71688 | Apache Airflow affected versions are affected by a vulnerability that… | | MEDIUM | 6.5 |
CVE-2023-36543 | 71687 | Apache Airflow affected versions have a vulnerability where an authen… | | MEDIUM | 6.5 |
CVE-2023-22888 | 62891 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability… | | MEDIUM | 6.5 |
PVE-2023-99911 | 62823 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability… | | - | - |
CVE-2023-22887 | 62890 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability… | | MEDIUM | 6.5 |
CVE-2022-46651 | 71689 | Apache Airflow affected versions are affected by a vulnerability that… | | MEDIUM | 6.5 |
PVE-2024-99900 | 64989 | Apache Airflow, versions before 2.6.3, has a vulnerability where an a… | | - | - |
CVE-2023-47265 | 65188 | Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnera… | | MEDIUM | 5.4 |
CVE-2023-25754 | 62916 | Affected version of Apache-airflow are vulnerable to Privilege Contex… | | CRITICAL | 9.8 |
CVE-2023-39508 | 65021 | Execution with Unnecessary Privileges: Exposure of Sensitive Informat… | | HIGH | 8.8 |
CVE-2023-29247 | 63344 | The details page for task instances in the user interface is subject … | | MEDIUM | 5.4 |
CVE-2023-35005 | 64198 | In Apache Airflow, some potentially sensitive values were being shown… | | MEDIUM | 6.5 |
CVE-2024-39877 | 72253 | Affected versions of Apache Airflow have a vulnerability that allows … | | HIGH | 8.8 |
CVE-2023-46288 | 65796 | Exposure of Sensitive Information to an Unauthorized Actor vulnerabil… | | MEDIUM | 4.3 |
PVE-2021-42852 | 49787 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependen… | | HIDDEN | X.Y |
PVE-2022-47833 | 49785 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependen… | | HIDDEN | X.Y |
CVE-2022-29217 | 49786 | Apache-airflow 2.3.2 and prior versions ship with vulnerable dependen… | | HIGH | 7.5 |
CVE-2023-51702 | 65395 | A vulnerability has been identified in versions of Airflow where, by … | | MEDIUM | 6.5 |
CVE-2022-40754 | 54715 | In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in … | | MEDIUM | 6.1 |
CVE-2022-40604 | 54551 | In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessaril… | | HIGH | 7.5 |
CVE-2021-37701 | 48616 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to … | | HIGH | 8.6 |
CVE-2021-37713 | 48618 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to … | | HIGH | 8.6 |
CVE-2021-23445 | 48604 | Apache-airflow 2.3.0 updates its NPM dependency 'datatables.net' to v… | | MEDIUM | 6.1 |
CVE-2021-37712 | 48617 | Apache-airflow 2.3.0 updates its NPM dependency 'tar' requirement to … | | HIGH | 8.6 |
PVE-2023-60199 | 60199 | Apache-airflow 2.2.5 includes a fix for a Race Condition vulnerabilit… | | - | - |
CVE-2022-38054 | 54522 | In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webser… | | CRITICAL | 9.8 |
CVE-2021-35936 | 41181 | Apache Airflow version 2.1.2 includes a fix for CVE-2021-35936: If re… | | MEDIUM | 5.3 |
CVE-2021-33502 | 48304 | Apache-airflow 2.1.1 updates NPM dependencies to fix a vulnerability … | | HIGH | 7.5 |
CVE-2020-7753 | 48305 | Apache-airflow 2.1.0rc1 updates its NPM dependency 'stylelint' to inc… | | HIGH | 7.5 |
CVE-2024-45784 | 74259 | Apache Airflow affected versions have a vulnerability that can expose… | | - | - |
CVE-2024-50378 | 74262 | Affected versions of Apache Airflow are vulnerable to Exposure of Sen… | | - | - |
CVE-2024-45034 | 73188 | Apache Airflow affected versions contain a potential security vulnera… | | - | - |
CVE-2024-45498 | 73187 | Affected versions of Apache Airflow contain a critical vulnerability i… | | - | - |
CVE-2024-41937 | 72974 | Apache Airflow, in affected versions, contains a vulnerability where … | | MEDIUM | 6.1 |
CVE-2023-25696 | 63179 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive pr… | | CRITICAL | 9.8 |
CVE-2023-28706 | 63174 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive pr… | | CRITICAL | 9.8 |
CVE-2023-25691 | 63175 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud p… | | CRITICAL | 9.8 |
CVE-2023-40195 | 63170 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark p… | | HIGH | 8.8 |
CVE-2022-38362 | 63172 | Apache-airflow before 2.0.0b1 bundles the code for the Docker provide… | | HIGH | 8.8 |
CVE-2023-25956 | 63177 | Apache-airflow before 2.0.0b1 bundles the code for the Amazon provide… | | HIGH | 7.5 |
CVE-2023-22886 | 63171 | Apache-airflow before 2.0.0b1 bundles the code for the JDBC provider … | | HIGH | 8.8 |
CVE-2023-25693 | 63178 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Sqoop p… | | CRITICAL | 9.8 |
CVE-2023-25692 | 63176 | Apache-airflow before 2.0.0b1 bundles the code for the Google Cloud P… | | HIGH | 7.5 |
CVE-2023-28710 | 63173 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Spark p… | | HIGH | 7.5 |
CVE-2022-46421 | 63180 | Apache-airflow before 2.0.0b1 bundles the code for the Apache Hive pr… | | CRITICAL | 9.8 |
CVE-2021-38540 | 54319 | The variable import endpoint was not protected by authentication in A… | | CRITICAL | 9.8 |
CVE-2021-26697 | 54461 | The lineage endpoint of the deprecated Experimental API was not prote… | | MEDIUM | 5.3 |
CVE-2021-26559 | 54168 | Improper Access Control on Configurations Endpoint for the Stable API… | | MEDIUM | 6.5 |
PVE-2023-99964 | 60877 | Apache-airflow 1.9.0a0 includes a security fix: An individual with th… | | - | - |
PVE-2023-99965 | 60876 | Apache-airflow 1.9.0a0 includes a security fix: When navigating to a … | | - | - |
PVE-2022-51848 | 51848 | Apache-airflow 1.10.3 sets HttpOnly flag to cookies by default. http… | | - | - |
CVE-2018-1000164 | 51833 | Apache-airflow 1.10.3 updates its dependency 'gunicorn' minimum requi… | | HIGH | 7.5 |
CVE-2018-16516 | 51849 | Apache-airflow 1.10.3 updates its dependency 'flask-admin' v1.5.3 to … | | MEDIUM | 6.1 |
PVE-2022-48307 | 48307 | Apache-airflow 1.10.14 starts using a random SECRET_KEY, as it is rec… | | - | - |
CVE-2020-17513 | 39282 | In Apache Airflow versions prior to 1.10.13, the Charts and Query Vie… | | MEDIUM | 5.3 |
CVE-2020-17515 | 42326 | The "origin" parameter passed to some of the endpoints like '/trigger… | | MEDIUM | 6.1 |
CVE-2020-13944 | 42325 | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of… | | MEDIUM | 6.1 |
CVE-2023-46215 | 65388 | Certain versions of Apache Airflow and its Celery provider are affect… | | HIGH | 7.5 |
PVE-2021-36832 | 36832 | Apache-airflow 1.10.0 fixes XSS vulnerability in Variable endpoint. … | | HIDDEN | X.Y |
CVE-2024-27906 | 68475 | ** DISPUTED ** Apache Airflow is affected by a vulnerability impactin… | | - | - |
CVE-2023-50944 | 65265 | Apache Airflow, versions before 2.8.1, have a vulnerability that allo… | | MEDIUM | 6.5 |
CVE-2023-50943 | 65264 | Apache Airflow, versions before 2.8.1, have a vulnerability that allo… | | HIGH | 7.5 |
CVE-2023-50783 | 65201 | Apache Airflow, versions before 2.8.0, is affected by a vulnerability… | | MEDIUM | 6.5 |
CVE-2023-48291 | 65191 | Apache Airflow, in versions before 2.8.0, contains a security vulnera… | | MEDIUM | 4.3 |
PVE-2024-99905 | 64688 | Apache Airflow, versions before 2.6.3, is affected by a vulnerability… | | - | - |
CVE-2023-25695 | 54667 | Generation of Error Message Containing Sensitive Information vulnerab… | | MEDIUM | 5.3 |
CVE-2023-22884 | 54620 | Improper Neutralization of Special Elements used in a Command ('Comma… | | CRITICAL | 9.8 |
CVE-2022-45402 | 54582 | In Apache Airflow versions prior to 2.4.3, there was an open redirect… | | MEDIUM | 6.1 |
CVE-2022-43985 | 54567 | In Apache Airflow versions prior to 2.4.2, there was an open redirect… | | MEDIUM | 6.1 |
CVE-2022-43982 | 54568 | In Apache Airflow versions prior to 2.4.2, the "Trigger DAG with conf… | | MEDIUM | 6.1 |
CVE-2022-41672 | 54508 | In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn… | | HIGH | 8.1 |
CVE-2022-40127 | 54577 | A vulnerability in Example Dags of Apache Airflow allows an attacker … | | HIGH | 8.8 |
CVE-2022-38170 | 54525 | In Apache Airflow prior to 2.3.4, an insecure umask was configured fo… | | MEDIUM | 4.7 |
CVE-2022-27949 | 54578 | A vulnerability in UI of Apache Airflow allows an attacker to view un… | | HIGH | 7.5 |
CVE-2022-40189 | 54587 | Improper Neutralization of Special Elements used in an OS Command ('O… | | CRITICAL | 9.8 |
CVE-2022-41131 | 54592 | Improper Neutralization of Special Elements used in an OS Command ('O… | | HIGH | 7.8 |
CVE-2022-40954 | 54588 | Improper Neutralization of Special Elements used in an OS Command ('O… | | MEDIUM | 5.5 |
CVE-2022-38649 | 54586 | Improper Neutralization of Special Elements used in an OS Command ('O… | | CRITICAL | 9.8 |
CVE-2021-45229 | 54261 | It was discovered that the "Trigger DAG with config" screen was susce… | | MEDIUM | 6.1 |
CVE-2022-24288 | 54244 | In Apache Airflow, prior to version 2.2.4, some example DAGs did not … | | HIGH | 8.8 |
CVE-2017-17835 | 53948 | In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for… | | HIGH | 8.8 |
CVE-2017-12614 | 53928 | It was noticed an XSS in certain 404 pages that could be exploited to… | | MEDIUM | 6.1 |
CVE-2017-17836 | 53950 | In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature … | | CRITICAL | 9.8 |
CVE-2017-15720 | 53938 | In Apache Airflow 1.8.2 and earlier, an authenticated user can execut… | | HIGH | 8.8 |
CVE-2019-12417 | 54143 | A malicious admin user could edit the state of objects in the Airflow… | | MEDIUM | 4.8 |
CVE-2019-12398 | 54139 | In Apache Airflow before 1.10.5 when running with the "classic" UI, a… | | MEDIUM | 4.8 |
PVE-2024-99796 | 66019 | Versions of Apache Airflow prior to 1.10.5 expose a vulnerability whe… | | - | - |
CVE-2019-0216 | 54125 | A malicious admin user could edit the state of objects in the Airflow… | | MEDIUM | 4.8 |
CVE-2019-0229 | 54127 | A number of HTTP endpoints in the Airflow webserver (both RBAC and cl… | | HIGH | 8.8 |
CVE-2018-20244 | 54020 | In Apache Airflow before 1.10.2, a malicious admin user could edit th… | | MEDIUM | 5.5 |
CVE-2020-17526 | 54278 | Incorrect Session Validation in Apache Airflow Webserver versions pri… | | HIGH | 7.7 |
CVE-2020-17511 | 54253 | In Airflow versions prior to 1.10.13, when creating a user using airf… | | MEDIUM | 6.5 |
CVE-2020-9485 | 54204 | An issue was found in Apache Airflow versions 1.10.10 and below. A st… | | MEDIUM | 6.1 |
CVE-2020-11982 | 54179 | An issue was found in Apache Airflow versions 1.10.10 and below. When… | | CRITICAL | 9.8 |
CVE-2020-11983 | 54181 | An issue was found in Apache Airflow versions 1.10.10 and below. It w… | | MEDIUM | 5.4 |
CVE-2020-11978 | 54349 | Apache-airflow 1.10.11rc1 includes a fix for CVE-2020-11978: A remote… | | HIGH | 8.8 |
CVE-2020-11981 | 54177 | An issue was found in Apache Airflow versions 1.10.10 and below. When… | | CRITICAL | 9.8 |
CVE-2020-13927 | 54436 | Apache-airflow 1.10.11 includes a fix for CVE-2020-13927: The previou… | | CRITICAL | 9.8 |
CVE-2018-20245 | 54021 | The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth) prior… | | HIGH | 7.5 |