airflow

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting airflowpage 1 of 1

CVE-2019-12417MEDIUMCVSS 4.8EG 4.8✓ Fixed in 1.10.6
2019-10-30
vulnerable: 0.6
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. This also presented a Local File Disclosure vulnerability to any file readable by the webserver …
CVE-2024-45784HIGHCVSS 7.5EG 7.5✓ Fixed in 2.10.3
2024-11-15
vulnerable: 0.6
Apache Airflow versions before 2.10.3 contain a vulnerability that could expose sensitive configuration variables in task logs. This vulnerability allows DAG authors to unintentionally or intentionally log sensitive configuration variables…

Check whether airflow is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for airflow CVEs against the assets you own.

Start Free Scan →