Browse Security Advisories
Security Advisories for https://github.com/apache/airflow from github Clear Filters
Moderate
8 months ago
Apache Airflow `/api/v2/dagReports` executes DAG Python in API
pypi
apache-airflow
Critical
12 months ago
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator
pypi
apache-airflow-providers-snowflake
High
about 1 year ago
Apache Airflow Common SQL Provider Vulnerable to SQL Injection
pypi
apache-airflow-providers-common-sql
Moderate
over 1 year ago
Apache Airflow MySQL Provider is Vulnerable to SQL Injection
pypi
apache-airflow-providers-mysql
Low
over 1 year ago
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
High
over 1 year ago
Apache Airflow: Sensitive configuration values are not masked in the logs by default
pypi
airflow
Low
over 1 year ago
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
pypi
apache-airflow
High
almost 2 years ago
Apache Airflow vulnerable to Execution with Unnecessary Privileges
pypi
apache-airflow
High
almost 2 years ago
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
pypi
apache-airflow
Low
almost 2 years ago
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
High
almost 2 years ago
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
pypi
apache-airflow
Moderate
almost 2 years ago
Apache Airflow Potential Cross-site Scripting Vulnerability
pypi
apache-airflow
Low
about 2 years ago
Apache Airflow does not return the "Cache-Control" header for dynamic content
pypi
apache-airflow
Moderate
about 2 years ago
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
pypi
apache-airflow
Low
about 2 years ago
Improper Certificate Validation vulnerability in Apache Airflow FTP Provider
pypi
apache-airflow-providers-ftp
Moderate
about 2 years ago
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
pypi
apache-airflow
Moderate
about 2 years ago
Apache Airflow Improper Preservation of Permissions vulnerability
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow: DAG Code and Import Error Permissions Ignored
pypi
apache-airflow
Critical
over 2 years ago
Improper Certificate Validation in apache airflow mongo hook
pypi
apache-airflow-providers-mongo
High
over 2 years ago
Apache Airflow: pickle deserialization vulnerability in XComs
pypi
apache-airflow
High
over 2 years ago
Apache Airflow: Bypass permission verification to read code of other dags
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
pypi
apache-airflow-providers-cncf-kubernetes, apache-airflow
Moderate
over 2 years ago
Apache Airflow Cross-Site Request Forgery vulnerability
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow has a stored cross-site scripting vulnerability
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
pypi
apache-airflow
High
over 2 years ago
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
pypi
apache-airflow
High
over 2 years ago
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
pypi
apache-airflow, apache-airflow-providers-celery
Moderate
over 2 years ago
Apache Airflow vulnerable to Exposure of Sensitive Information
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow vulnerable to sensitive information exposure
pypi
apache-airflow
Moderate
over 2 years ago
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
pypi
apache-airflow
High
almost 3 years ago
Apache HDFS Provider error message suggested
pypi
apache-airflow-providers-apache-hdfs
Moderate
almost 3 years ago
Apache Airflow Incorrect Authorization vulnerability
pypi
apache-airflow
High
almost 3 years ago
Apache Airflow vulnerable arbitrary code execution via Spark server
pypi
apache-airflow-providers-apache-spark
High
almost 3 years ago
Airflow Sqoop Provider RCE Vulnerability
pypi
apache-airflow-providers-apache-sqoop
Moderate
almost 3 years ago
Apache Airflow missing Certificate Validation
pypi
apache-airflow, apache-airflow-providers-imap, apache-airflow-providers-smtp
High
almost 3 years ago
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
pypi
apache-airflow-providers-apache-drill
Critical
almost 3 years ago
Apache Airflow Hive Provider Beeline remote code execution with Principal
pypi
apache-airflow-providers-apache-hive
High
almost 3 years ago
Apache Airflow ODBC Provider Argument Injection vulnerability
pypi
apache-airflow-providers-odbc
Moderate
almost 3 years ago
Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability
pypi
apache-airflow-providers-odbc
High
about 3 years ago
Apache Airflow vulnerable to exposure of sensitive information
pypi
apache-airflow
Critical
about 3 years ago
Apache Airflow vulnerable to Privilege Context Switching Error
pypi
apache-airflow
Moderate
about 3 years ago
Apache Airflow vulnerable to stored Cross-site Scripting
pypi
apache-airflow
High
about 3 years ago
Apache Airflow Spark Provider vulnerable to improper input validation
pypi
apache-airflow-providers-apache-spark
Critical
about 3 years ago
Apache Airflow Hive Provider vulnerable to code injection
pypi
apache-airflow-providers-apache-hive
High
about 3 years ago
Apache Airflow Drill Provider vulnerable to improper input validation
pypi
apache-airflow-providers-apache-drill
Moderate
over 3 years ago
Sensitive Information in Error Messages in Apache Airflow
pypi
apache-airflow
Critical
over 3 years ago
Apache Airflow Sqoop Provider Improper Input Validation vulnerability
pypi
apache-airflow-providers-apache-sqoop
Critical
over 3 years ago
Apache Airflow Google Provider Improper Input Validation vulnerability
pypi
apache-airflow-providers-google
Critical
over 3 years ago
Apache Airflow Hive Provider Improper Input Validation vulnerability
pypi
apache-airflow-providers-apache-hive
High
over 3 years ago
Apache Airflow Google Provider Improper Input Validation vulnerability
pypi
apache-airflow-providers-google
High
over 3 years ago
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
pypi
apache-airflow-providers-amazon
Critical
over 3 years ago
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
pypi
apache-airflow-providers-mysql, apache-airflow
Critical
over 3 years ago
Apache Airflow Hive Provider vulnerable to Command Injection
pypi
apache-airflow-providers-apache-hive
High
over 3 years ago
OS Command Injection in Apache Airflow
pypi
apache-airflow-providers-apache-hive
High
over 3 years ago
Apache Airflow vulnerable to OS Command Injection via example DAGs
pypi
apache-airflow
High
over 3 years ago
Apache Airflow subject to Exposure of Sensitive Information
pypi
apache-airflow
High
over 3 years ago
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
pypi
apache-airflow
High
over 3 years ago
Apache Airflow vulnerable to Use of Externally-Controlled Format String
pypi
apache-airflow
Critical
about 4 years ago
Missing Authentication for Critical Function in Apache Airflow
pypi
apache-airflow
Moderate
about 4 years ago
Apache Airflow Reflected Cross-site Scripting vulnerability in 404 Endpoint
pypi
apache-airflow
Moderate
about 5 years ago
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944
pypi
apache-airflow
Critical
almost 6 years ago
Command injection via Celery broker in Apache Airflow
pypi
apache-airflow
Critical
almost 6 years ago
Insecure default config of Celery worker in Apache Airflow
pypi
apache-airflow
Filter by Severity
Filter by Source
Filter by Ecosystem
maven
7,661
npm
6,821
packagist
6,503
pypi
6,316
go
4,621
nuget
3,609
cargo
1,550
rubygems
1,047
hex
74
actions
57
swift
51
pub
11
Filter by Package
openclaw
551
moodle/moodle
437
tensorflow
433
tensorflow-cpu
408
tensorflow-gpu
394
magento/community-edition
361
org.jenkins-ci.main:jenkins-core
252
Microsoft.ChakraCore
247
github.com/mattermost/mattermost/server/v8
196
github.com/mattermost/mattermost-server
166
typo3/cms
165
org.apache.tomcat:tomcat
157
com.liferay.portal:release.portal.bom
151
wwbn/avideo
139
pimcore/pimcore
132
com.liferay.portal:release.dxp.bom
125
dolibarr/dolibarr
124
typo3/cms-core
121
Magick.NET-Q16-AnyCPU
119
magento/project-community-edition
119
Magick.NET-Q16-HDRI-AnyCPU
119
parse-server
116
Magick.NET-Q16-HDRI-OpenMP-arm64
115
Magick.NET-Q16-HDRI-x86
114
Magick.NET-Q16-HDRI-x64
114
Magick.NET-Q16-HDRI-arm64
113
Magick.NET-Q16-OpenMP-x64
112
Magick.NET-Q16-x86
112
Magick.NET-Q16-arm64
111
apache-airflow
111
Magick.NET-Q16-OpenMP-arm64
111
Magick.NET-Q8-AnyCPU
111
Django
107
phpmyadmin/phpmyadmin
107
drupal/core
107
open-webui
107
Magick.NET-Q8-OpenMP-arm64
107
Magick.NET-Q16-x64
106
microweber/microweber
105
Magick.NET-Q8-x86
105
Magick.NET-Q8-arm64
104
craftcms/cms
103
thorsten/phpmyfaq
102
Magick.NET-Q8-OpenMP-x64
101
n8n
100
librenms/librenms
100
Magick.NET-Q8-x64
98
symfony/symfony
90
Magick.NET-Q16-HDRI-OpenMP-x64
90
silverstripe/framework
90
flowise
86
org.keycloak:keycloak-services
84
concrete5/concrete5
75
github.com/usememos/memos
75
mlflow
74
shopware/platform
74
drupal/drupal
72
com.fasterxml.jackson.core:jackson-databind
69
getgrav/grav
69
salt
67
apache-superset
66
ansible
65
mantisbt/mantisbt
65
shopware/core
64
Magick.NET-Q16-OpenMP-x86
63
github.com/grafana/grafana
62
actionpack
59
org.apache.struts:struts2-core
59
picklescan
59
github.com/rancher/rancher
58
baserproject/basercms
56
nokogiri
56
directus
56
github.com/hashicorp/vault
55
next
55
org.apache.tomcat.embed:tomcat-embed-core
55
Plone
54
nocodb
54
vllm
53
gogs.io/gogs
53
froxlor/froxlor
53
github.com/siyuan-note/siyuan/kernel
51
mautic/core
50
org.keycloak:keycloak-core
50
rack
50
nova
49
admidio/admidio
49
django
48
gradio
47
electron
47
getkirby/cms
47
snipe/snipe-it
46
pyload-ng
46
github.com/traefik/traefik/v2
45
matrix-synapse
45
org.xwiki.platform:xwiki-platform-oldcore
45
coreutils
44
vyper
44
aiohttp
44
org.elasticsearch:elasticsearch
44
rdiffweb
43
vm2
43
code.gitea.io/gitea
42
k8s.io/kubernetes
42
showdoc/showdoc
42
nilsteampassnet/teampass
42
intelliants/subrion
41
github.com/traefik/traefik/v3
41
plone
41
hono
40
net.mingsoft:ms-mcms
39
io.undertow:undertow-core
39
praisonai
39
wasmtime
39
phpmyfaq/phpmyfaq
38
github.com/mattermost/mattermost-server/v6
38
github.com/zitadel/zitadel
38
github.com/argoproj/argo-cd/v2
37
PraisonAI
37
com.thoughtworks.xstream:xstream
37
DotNetNuke.Core
36
deno
36
com.jfinal:jfinal
36
ci4-cms-erp/ci4ms
36
keystone
35
moin
35
github.com/cilium/cilium
35
org.apache.tomcat:tomcat-catalina
34
github.com/hashicorp/nomad
34
github.com/answerdev/answer
34
pillow
34
github.com/filebrowser/filebrowser/v2
34
org.jenkins-ci.plugins:script-security
34
shopware/shopware
33
praisonaiagents
33
github.com/docker/docker
33
code.vikunja.io/api
33
axios
33
zendframework/zendframework1
32
langflow
32
github.com/hashicorp/consul
32
github.com/argoproj/argo-cd
32
statamic/cms
32
pypdf
32
org.opencms:opencms-core
31
surrealdb
31
contao/core-bundle
31
prestashop/prestashop
31
opencv-python
31
opencv-contrib-python
30
pocketmine/pocketmine-mp
30
org.springframework.security:spring-security-core
30
undici
30
org.apache.solr:solr-core
29
mediawiki/core
28
Pillow
28
phpoffice/phpspreadsheet
28
centreon/centreon
27
github.com/nats-io/nats-server/v2
27
@anthropic-ai/claude-code
26
dompurify
26
github.com/openfga/openfga
26
github.com/ethereum/go-ethereum
26
funadmin/funadmin
26
org.eclipse.jetty:jetty-server
26
github.com/fleetdm/fleet/v4
26
github.com/openbao/openbao
26
pgadmin4
26
openmage/magento-lts
26
cockpit-hq/cockpit
26
org.keycloak:keycloak-parent
26
laravel/framework
25
org.apache.openmeetings:openmeetings-parent
25
openssl-src
25
rubygems-update
25
grumpydictator/firefly-iii
25
typo3/cms-backend
24
magento/core
24
ghost
24
org.xwiki.platform:xwiki-platform-web-templates
23
remdex/livehelperchat
23
github.com/goharbor/harbor
23
activerecord
23
github.com/traefik/traefik
23
litellm
23
org.bouncycastle:bcprov-jdk14
23
puppet
23
ethyca-fides
22
vite
22
weblate
22
ckb
22
tribalsystems/zenario
22
zendframework/zendframework
22
Microsoft.AspNetCore.App.Runtime.win-x64
22
simplesamlphp/simplesamlphp
22
glance
22
october/system
22
Microsoft.AspNetCore.App.Runtime.win-x86
21
langchain
21
fuxa-server
21
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/apache/tomcat
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
93
https://github.com/keycloak/keycloak
90
https://github.com/microweber/microweber
90
https://github.com/librenms/librenms
77
https://github.com/FasterXML/jackson-databind
70
https://github.com/rails/rails
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/usememos/memos
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/ansible/ansible
59
https://github.com/mattermost/mattermost
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/grafana/grafana
47
https://github.com/apache/struts
47
https://github.com/mautic/mautic
46
https://github.com/rancher/rancher
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/vyperlang/vyper
44
https://github.com/concretecms/concretecms
44
https://github.com/ikus060/rdiffweb
42
https://github.com/mantisbt/mantisbt
42
https://github.com/saltstack/salt
42
https://github.com/shopware/platform
42
https://github.com/craftcms/cms
41
https://github.com/directus/directus
41
https://github.com/shopware/shopware
40
https://github.com/star7th/showdoc
39
https://github.com/mmaitre314/picklescan
39
https://github.com/magento/magento2
38
https://github.com/openstack/nova
38
https://github.com/dotnet/runtime
38
https://github.com/gradio-app/gradio
38
https://github.com/x-stream/xstream
37
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/octobercms/october
36
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/sparklemotion/nokogiri
35
https://github.com/apache/activemq
34
https://github.com/parse-community/parse-server
34
https://github.com/answerdev/answer
34
https://github.com/go-gitea/gitea
32
https://github.com/matrix-org/synapse
32
https://github.com/opencv/opencv
32
https://github.com/cilium/cilium
31
https://github.com/apache/inlong
31
https://github.com/PaddlePaddle/Paddle
31
https://github.com/snipe/snipe-it
30
https://github.com/contao/contao
30
https://github.com/rack/rack
29
https://github.com/strapi/strapi
28
https://github.com/electron/electron
28
https://github.com/CVEProject/cvelist
28
https://github.com/FlowiseAI/Flowise
28
https://github.com/gogs/gogs
28
https://github.com/openstack/keystone
28
https://github.com/netty/netty
27
https://github.com/zitadel/zitadel
26
https://github.com/baserproject/basercms
26
https://github.com/geoserver/geoserver
26
https://github.com/github/advisory-database
26
https://github.com/froxlor/froxlor
26
https://github.com/apache/nifi
26
https://github.com/surrealdb/surrealdb
25
https://github.com/langchain-ai/langchain
25
https://github.com/bcgit/bc-java
25
https://github.com/vllm-project/vllm
25
https://github.com/denoland/deno
25
https://github.com/pmmp/PocketMine-MP
25
https://github.com/traefik/traefik
25
https://github.com/vercel/next.js
25
https://github.com/pyload/pyload
24
https://github.com/run-llama/llama_index
24
https://github.com/getgrav/grav
24
https://github.com/apache/cxf
24
https://github.com/hashicorp/consul
24
https://github.com/PrestaShop/PrestaShop
23
https://github.com/eclipse/jetty.project
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/bytecodealliance/wasmtime
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/moby/moby
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/getkirby/kirby
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/helm/helm
22
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/nervosnetwork/ckb
22
https://github.com/goharbor/harbor
21
https://github.com/hashicorp/vault
21
https://github.com/laravel/framework
21
https://github.com/undertow-io/undertow
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/OpenNMS/opennms
20
https://github.com/opencast/opencast
20
https://github.com/funadmin/funadmin
20
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/ethyca/fides
20
https://github.com/huggingface/transformers
19
https://github.com/cloudfoundry/uaa
19
https://github.com/containerd/containerd
19
https://github.com/TYPO3-CMS/core
19
https://github.com/alkacon/opencms-core
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/simplesamlphp/simplesamlphp
19
https://github.com/backstage/backstage
19
https://github.com/intelliants/subrion
19
https://github.com/opencontainers/runc
18
https://github.com/OpenMage/magento-lts
18
https://github.com/apache/camel
18
https://github.com/vaadin/platform
18
https://github.com/rubygems/rubygems
18
https://github.com/ethereum/go-ethereum
17
https://github.com/vantage6/vantage6
17
https://github.com/apache/kylin
17
https://github.com/openfga/openfga
17
https://github.com/mindsdb/mindsdb
17
https://github.com/liufee/cms
17
https://github.com/sequelize/sequelize
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/quarkusio/quarkus
16
https://github.com/etcd-io/etcd
16
https://github.com/tinymce/tinymce
16
https://github.com/hashicorp/nomad
16
https://github.com/dotnet/aspnetcore
16
https://github.com/rusqlite/rusqlite
16
https://github.com/forkcms/forkcms
16
https://github.com/vitejs/vite
16
https://github.com/pyca/cryptography
16
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/zendframework/zendframework
15
https://github.com/containers/podman
15
https://github.com/xuxueli/xxl-job
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/drupal/core
15
https://github.com/cobbler/cobbler
15
https://github.com/nodejs/undici
15
https://github.com/centreon/centreon
15
https://github.com/aio-libs/aiohttp
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/puppetlabs/puppet
15
https://github.com/spring-projects/spring-security
15
https://github.com/dompdf/dompdf
15
https://github.com/decidim/decidim
15
https://github.com/cockpit-hq/cockpit
14
https://github.com/publify/publify
14
https://github.com/ming-soft/MCMS
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/twisted/twisted
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/apache/zeppelin
14
https://github.com/TryGhost/Ghost
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/urllib3/urllib3
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/ImageMagick/ImageMagick
14
https://github.com/apache/superset
14
https://github.com/golang/go
14
https://github.com/janeczku/calibre-web
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/cosmos/cosmos-sdk
14
https://github.com/h2oai/h2o-3
13
https://github.com/zenml-io/zenml
13
https://github.com/apache/dolphinscheduler
13
https://github.com/OpenRefine/OpenRefine
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/openbao/openbao
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/laurent22/joplin
13
https://github.com/dromara/hutool
13
https://github.com/modoboa/modoboa
13
https://github.com/yiisoft/yii2
12
https://github.com/wagtail/wagtail
12
https://github.com/modxcms/revolution
12
https://github.com/nautobot/nautobot
12
https://github.com/codeigniter4/CodeIgniter4
12
https://github.com/YesWiki/yeswiki
12
https://github.com/getsentry/sentry
12
https://github.com/puma/puma
12