apache-airflow-providers-smtp

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting apache-airflow-providers-smtppage 1 of 1

CVE-2023-39441MEDIUMCVSS 5.9EG 5.9✓ Fixed in 1.3.0
2023-08-23
vulnerable: 1.0.0 ... 1.3.0rc1 (10 versions)
Apache Airflow SMTP Provider before 1.3.0, Apache Airflow IMAP Provider before 3.3.0, and Apache Airflow before 2.7.0 are affected by the Validation of OpenSSL Certificate vulnerability. The default SSL context with SSL library did not …
CVE-2026-41016MEDIUMCVSS 5.9EG 5.9✓ Fixed in 3.0.0
2026-04-30
vulnerable: 2.0.0 ... 3.0.0rc1 (36 versions)
Apache Airflow's SMTP provider `SmtpHook` called Python's `smtplib.SMTP.starttls()` without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server c…

Check whether apache-airflow-providers-smtp is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for apache-airflow-providers-smtp CVEs against the assets you own.

Start Free Scan →