Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS00NmMzLTV4YzUtd3dods4ABBYW
Apache Airflow: Sensitive configuration values are not masked in the logs by default
Ecosystems: pypi
Packages: airflow
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 days ago
Low
GSA_kwCzR0hTQS1qODU3LTJwd20tamptbc4ABBF-
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 13 days ago
High
GSA_kwCzR0hTQS05MnhnLWdtcnEtNWMzd84AA_W0
Apache Airflow vulnerable to Execution with Unnecessary Privileges
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 2 months ago
High
GSA_kwCzR0hTQS1jMzkyLXdocGMtdmZwcs4AA_Wx
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13N2NwLWc4djctcjU0bc4AA-2D
Apache Airflow Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 3 months ago
Low
GSA_kwCzR0hTQS02MnFmLXFtM2ctZnZjd84AA-Xi
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-fab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1nNWh2LXI3NDMtdjhwbc4AA9-F
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qNDgyLTQ3eGYtcDI1Y84AA9-G
Apache Airflow Potential Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 4 months ago
Low
GSA_kwCzR0hTQS05eHBqLTYybW0tMjRoMs4AA9GF
Apache Airflow does not return the "Cache-Control" header for dynamic content
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01MmdtLXFtZzMtcjRxcM4AA8CD
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 6 months ago
Low
GSA_kwCzR0hTQS0zZ2c4LW1jODctY3EzaM4AA7OB
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
Ecosystems: pypi
Packages: apache-airflow-providers-ftp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jZmYzLTVxcnAtaHF4N84AA6TU
Apache Airflow Improper Preservation of Permissions vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions Ignored
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS14NXBtLWgzM3EtY2pyd84AA5Zl
Improper Certificate Validation in apache airflow mongo hook
Ecosystems: pypi
Packages: apache-airflow-providers-mongo
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 9 months ago
High
GSA_kwCzR0hTQS12bTVtLXFtcngtZnc4d84AA4qc
Apache Airflow: Bypass permission verification to read code of other dags
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tZzJ4LW1nZ2otNjk1Nc4AA4qb
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Ecosystems: pypi
Packages: apache-airflow-providers-cncf-kubernetes, apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1jM2M2LWYyd3cteGZyMs4AA4qZ
Apache Airflow: pickle deserialization vulnerability in XComs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02bTlyLTd3cngteG1yNs4AA39d
Apache Airflow Cross-Site Request Forgery vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01OTM4LTc5aGcteGgzcc4AA39c
Apache Airflow Improper Access Control vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04ZjU3LXdjbWctNGptaM4AA39V
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1weGNoLXdyN20tcnd4as4AA39U
Apache Airflow has a stored cross-site scripting vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 11 months ago
High
GSA_kwCzR0hTQS1yN3g2LXhmY20tM214ds4AA3Cw
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1obTlyLTdmODQtMjVjOc4AA3Cv
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cXFnLW1oN2MtY2hmcc4AA2oC
Apache Airflow vulnerable to Exposure of Sensitive Information
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mcHh4LXh2NGMtZ3hxcM4AA2cj
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jZ3gyLXJybXItang0M84AA2ch
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qM3c4LTJwMmgtbXJyOc4AA2ci
Apache Airflow vulnerable to privilege escalation
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zMndyLXFxdzYtNW1mcM4AA2cg
Apache Airflow vulnerable to sensitive information exposure
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS01aGo5LW03NmcteHJjOM4AA13e
Apache HDFS Provider error message suggested
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hdfs
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tanFoLXY1ZjItZzJtd84AA11j
Apache Airflow information exposure vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13cGc4LW1mNmgtZ205Ms4AA11i
Apache Airflow Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nM205LXByNW0tNGN2cM4AA1hq
Airflow Sqoop Provider RCE Vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-sqoop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS04cTI4LXB3OWctdzgyY84AA1hs
Apache Airflow vulnerable arbitrary code execution via Spark server
Ecosystems: pypi
Packages: apache-airflow-providers-apache-spark
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wbTg3LTI0d3Etcjh3Oc4AA1eM
Apache Airflow Session Fixation vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS14Mm1oLThmbWMtcnFnaM4AA1eL
Apache Airflow denial of service vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01ZjM1LXBxMzQtYzg3cc4AA1eK
Apache Airflow missing Certificate Validation
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-imap, apache-airflow-providers-smtp
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcTR2LTZ2ZzQtNzk2Y84AA1P3
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-drill
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yNjl4LXBnNWMtNXhnbc4AA1D-
Apache Airflow Execution with Unnecessary Privileges
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zaDRtLW01NXYtZ3g0bc4AA0pL
Apache Airflow Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS01OTQ2LThwMzgtdmZmcM4AA0pU
Apache Airflow Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yaDg0LTNjcnEtdmdmas4AA0pT
Apache Airflow Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nZ3dyLTR2cjgtZzd3ds4AA0pO
Apache Airflow Path Traversal vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS14dnc5LTNtaG0teGpxcc4AA0pJ
Apache Airflow information disclosure vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oZzZjLXFxY20tcjc5cs4AA0Le
Apache Airflow Hive Provider Beeline remote code execution with Principal
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xNTd3LTgyNnAtNDZqcs4AA0Ff
Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-microsoft-mssql, apache-airflow-providers-odbc
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS05NzY2LXYyOWMtNHZtN84AA0Fd
Apache Airflow ODBC Provider Argument Injection vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-odbc
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tamZmLXd2ODUtaG1jas4AAz7T
Apache Airflow vulnerable to exposure of sensitive information
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qY2htLWZtNHEtYzJmcM4AAzHG
Apache Airflow vulnerable to Privilege Context Switching Error
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Y2Y2LTN3djItNXZjcs4AAzHH
Apache Airflow vulnerable to stored Cross-site Scripting
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS04NXBmLXI0YzctM2o5cs4AAyn4
Apache Airflow Drill Provider vulnerable to improper input validation
Ecosystems: pypi
Packages: apache-airflow-providers-apache-drill
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mZmo5LTRjcmMtcTd3Zs4AAyn3
Apache Airflow Spark Provider vulnerable to improper input validation
Ecosystems: pypi
Packages: apache-airflow-providers-apache-spark
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01Y3ZnLTlwcDUtbXhjas4AAyn2
Apache Airflow Hive Provider vulnerable to code injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNmc1LXdxcXItM213M84AAyIE
Sensitive Information in Error Messages in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS13Njk1LXAzajUtaHJqOc4AAxzH
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
Ecosystems: pypi
Packages: apache-airflow-providers-amazon
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05bXdmLW13NzQtOWN2Nc4AAxzN
Apache Airflow Hive Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qNjl4LXY0d2MtM2ZwZs4AAxzJ
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-sqoop
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04ZzIzLTJxNXAtODg2Ns4AAxzQ
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oOHAyLThnNzItcXBnaM4AAxzI
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jNzMyLXh2djgtZzk0Y84AAxHL
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Ecosystems: pypi
Packages: apache-airflow-providers-mysql, apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yYzU4LXFyOWotY3Bnd84AAwbo
Apache Airflow Hive Provider vulnerable to Command Injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jbTQzLWYycHYtNnY2OM4AAwAB
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ybWYyLXB3ZnEtaDc1as4AAwAD
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03d3FmLWgzNnctNDdtY84AAwAE
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00NXI2LWozY2MtNm14eM4AAwAC
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yZzk0LTg0eGotN2dxM84AAv3Z
Apache Airflow Contains Open Redirect
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mdncyLTJwZjctNzd2d84AAv2h
Apache Airflow subject to Exposure of Sensitive Information
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS02cHczLThoOXctMzJnY84AAv2i
Apache Airflow vulnerable to OS Command Injection via example DAGs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNjNyLTl4eGYtZjJjN84AAvr2
Apache Airflow Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mOWZxLTc4Y2gtNHdtas4AAvr3
Apache Airflow Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcThyLWYzcGotM2djNM4AAvNL
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cnA0LTc0OXAtdngyNs4AAu_Y
Apache Airflow vulnerable to Use of Externally-Controlled Format String
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00Zmc1LWo0bW0td2ZwZ84AAu_X
Apache Airflow contains open redirect
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xOGg5LXBxY3gtNTlod84AAunZ
Apache Airflow exposes arbitrary file content
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oODhmLXI3Y3ctOGZ2M84AAp4C
Missing Authentication for Critical Function in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ydjI1LTl3Z2oteGc3Nc4AAWPs
Apache Airflow Reflected Cross-site Scripting vulnerability in 404 Endpoint
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NXh3LXBjcXctaGpyaM0vEA
Apache Airflow Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02aDItang5di01OHc2
Missing Authorization in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4eHYtcDc4ci00ZmM2
Cross-site Scripting in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoMzctY3g4My1xNTQy
Improper Authentication in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwd3EtZmo4OS02cmpj
Apache Airflow Cross-site Scripting
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoeDktcDY5di1jeDJq
Authentication bypass in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdteDUteDM3Mi14aDg3
Incorrect Session Validation in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2dnAteDNwci03OXJ4
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdzMtNm1wNi1qbXZq
Improper Access Control in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyM3AtZmN2bS14aDdj
SSRF vulnerability in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2Y3EtZ21jMy1xNm04
Apache Airflow logs passwords in plaintext
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NnItcWZqai1jMjR3
Command injection via Celery broker in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2bXEtNHg2Ni1xN2oz
Remote code execution (RCE) in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnMnctNWYzdi1tZm1t
Insecure default config of Celery worker in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqdmctcTU3di1tampj
XSS in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzcDQtZ3c3ci13cWpj
Apache Airflow vulnerable to XSS and local file disclosure
Ecosystems: pypi
Packages: airflow
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwN3YtMmp2ai12NTRy
Apache Airflow vulnerable to Stored XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y3YtOGN2di02NjZj
Apache Airflow vulnerable to Stored XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cmMteDg0cS1wdjRm
Improper Certificate Validation in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4d3YtcmpybS01NzZw
Cross-Site Request Forgery (CSRF) in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmZzQtajU2Mi1tanJj
Improper Input Validation in Apache Airflow resulting in Remote Code Execution
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 6 years ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5,530
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 mlflow 46 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 github.com/hashicorp/vault 37 mautic/core 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 37 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 com.jfinal:jfinal 36 moin 35 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 matrix-synapse 35 k8s.io/kubernetes 35 github.com/answerdev/answer 34 gradio 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 github.com/argoproj/argo-cd 31 keystone 31 parse-server 31 opencv-python 31 opencv-contrib-python 31 Pillow 31 shopware/shopware 30 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/docker/docker 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 pillow 26 openssl-src 26 prestashop/prestashop 26 electron 26 directus 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 github.com/cilium/cilium 25 gogs.io/gogs 25 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 magento/core 24 remdex/livehelperchat 23 rack 23 zendframework/zendframework 23 puppet 23 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 ckb 22 tribalsystems/zenario 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 code.gitea.io/gitea 20 funadmin/funadmin 20 @openzeppelin/contracts 20 laravel/framework 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 glance 20 org.xwiki.platform:xwiki-platform-web-templates 19 DotNetNuke.Core 19 wasmtime 19 org.springframework:spring-core 19 contao/contao 19 github.com/goharbor/harbor 19 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 forkcms/forkcms 18 github.com/traefik/traefik/v2 18 cobbler 18 topthink/framework 18 cockpit-hq/cockpit 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 golang.org/x/net 18 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 helm.sh/helm/v3 17 genix/cms 17 cakephp/cakephp 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 notebook 17 opencart/opencart 17 symfony/security 17 neutron 16 github.com/zitadel/zitadel 16 phpbb/phpbb 16 tinymce 16 pyload-ng 16 org.apache.jspwiki:jspwiki-main 16 sequelize 16 paddlepaddle 16 org.apache.activemq:activemq-client 16 PaddlePaddle 16 typo3/cms-backend 16 org.bouncycastle:bcprov-jdk15 16 cryptography 16 yetiforce/yetiforce-crm 16 org.apache.dubbo:dubbo 16 openmage/magento-lts 16 rusqlite 16 OctoPrint 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 ethyca-fides 15 ghost 15 calibreweb 15 october/system 15 ckeditor4 15 symfony/security-http 15 smarty/smarty 15 publify_core 14 github.com/containerd/containerd 14 org.apache.tomcat:tomcat-coyote 14 bolt/bolt 14 activesupport 14 org.apache.inlong:manager-pojo 14 modoboa 14 pyftpdlib 14 org.xwiki.platform:xwiki-platform-web 14 swagger-ui 14 feehi/cms 14 phpmailer/phpmailer 14 dompdf/dompdf 14 github.com/nats-io/nats-server/v2 14 joplin 14 camaleon_cms 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/gradio-app/gradio 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 25 https://github.com/contao/contao 25 https://github.com/github/advisory-database 25 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/cloudfoundry/uaa 19 https://github.com/goharbor/harbor 19 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/mindsdb/mindsdb 17 https://github.com/vaadin/platform 17 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/etcd-io/etcd 16 https://github.com/TYPO3-CMS/core 16 https://github.com/OpenMage/magento-lts 16 https://github.com/tinymce/tinymce 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/laravel/framework 16 https://github.com/mattermost/mattermost 16 https://github.com/pyload/pyload 16 https://github.com/rusqlite/rusqlite 16 https://github.com/backstage/backstage 16 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/decidim/decidim 15 https://github.com/denoland/deno 15 https://github.com/zendframework/zendframework 15 https://github.com/cobbler/cobbler 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/pyca/cryptography 15 https://github.com/puppetlabs/puppet 15 https://github.com/dompdf/dompdf 15 https://github.com/ethyca/fides 15 https://github.com/aio-libs/aiohttp 14 https://github.com/hashicorp/nomad 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/containerd/containerd 14 https://github.com/vercel/next.js 14 https://github.com/dotnet/aspnetcore 14 https://github.com/janeczku/calibre-web 14 https://github.com/xuxueli/xxl-job 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/twisted/twisted 14 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/quarkusio/quarkus 13 https://github.com/ming-soft/MCMS 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 13 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/laurent22/joplin 13 https://github.com/dromara/hutool 13 https://github.com/apache/dolphinscheduler 13 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/opencontainers/runc 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/openfga/openfga 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/containers/podman 12 https://github.com/urllib3/urllib3 12 https://github.com/smarty-php/smarty 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/surrealdb/surrealdb 12 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/dolibarr/dolibarr 11 https://github.com/onionshare/onionshare 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/nats-io/nats-server 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/openstack/glance 11 https://github.com/yiisoft/yii2 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/pomerium/pomerium 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cloudflare/cfrpki 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/drupal/core 11 https://github.com/spring-projects/spring-security 11 https://github.com/Sylius/Sylius 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/nautobot/nautobot 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nocodb/nocodb 10 https://github.com/pgadmin-org/pgadmin4 10