apache-airflow-core (=3.0.3), apache-airflow-task-sdk (=1.0.3) potentially affected by CVE-2025-54831 via apache-airflow (=3.0.3)

apache-airflow PYPI version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - apache-airflow-core =3.0.3 - apache-airflow-task-sdk =1.0.3 Source cves: CVE-2025-54831 Source advisory: OSV:GHSA-Q475-2PGM-7HVP...

apache-airflow (>=3.0.3 <=3.0.3rc6), apache-airflow-task-sdk (=1.0.3) potentially affected by CVE-2025-54831 via apache-airflow-core (>=3.0.3 <=3.0.3rc6)

apache-airflow-core PYPI version =3.0.3, =3.0.3, =3.0.3rc6 - apache-airflow-task-sdk =1.0.3 Source cves: CVE-2025-54831 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-13053589...

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +246 more potentially affected by CVE-2025-54831 via apache-airflow (>=1.10.1 <=3.0.2)

apache-airflow PYPI version =1.10.1, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =1.0.7, =0.4.0, =0.1.0a1, =0.5.1, =1.4.0 and more Source cves: CVE-2025-54831 Source advisory: OSV:PYSEC-2025-85...

CVE-2025-54831

creationtimestamp| type| source ---|---|--- 2025-09-25 14:50:01+00:00| seen| https://seclists.org/oss-sec/2025/q3/198 2025-09-27 13:46:21+00:00| seen| https://bsky.app/profile/technadu.com/post/3lzt4k3aiw22k 2025-09-30 22:33:42+00:00| seen|...