Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
apache airflow vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-25691
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions prior to 8.10.0.
Apache Apache-airflow-providers-google
NA
CVE-2022-38362
Apache Airflow Docker's Provider before 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host.
Apache Apache-airflow-providers-docker
NA
CVE-2023-25692
Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions prior to 8.10.0.
Apache Apache-airflow-providers-google
NA
CVE-2023-25956
Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions prior to 7.2.1.
Apache Apache-airflow-providers-amazon
NA
CVE-2023-50943
Apache Airflow, versions prior to 2.8.1, have a vulnerability that allows a potential malicious user to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vul...
Apache Airflow
NA
CVE-2023-50944
Apache Airflow, versions prior to 2.8.1, have a vulnerability that allows an authenticated user to access the source code of a DAG to which they don't have access. This vulnerability is considered low since it requires an authenticated user to exploit it. Users are recommend...
Apache Airflow
4
CVSSv2
CVE-2020-17511
In Airflow versions before 1.10.13, when creating a user using airflow CLI, the password gets logged in plain text in the Log table in Airflow Metadatase. Same happened when creating a Connection with a password field.
Apache Airflow
5
CVSSv2
CVE-2020-17513
In Apache Airflow versions before 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable for SSRF attack.
Apache Airflow
4.3
CVSSv2
CVE-2020-17515
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions before 1.10.13. This is same as CVE-2020-13944 but the implemented fix in Airflow 1.10.13 did not fix the issue com...
Apache Airflow
4.3
CVSSv2
CVE-2020-13944
In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit.
Apache Airflow
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »