PYSEC-2026-276 Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...
CLEANSTART-2026-NM83456 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python
Multiple security vulnerabilities affect the airflow-2 package. AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. See references for individual vulnerability details...
CLEANSTART-2026-CQ05396 Security fixes for CVE-2025-32962, CVE-2025-58065, CVE-2026-22815, CVE-2026-25645, CVE-2026-26007, CVE-2026-27205, CVE-2026-27459, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-33936, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-35536, CVE-2026-39892, CVE-2026-41066, CVE-2026-41205, CVE-2026-41425, CVE-2026-42561, CVE-2026-44307, CVE-2026-44431, CVE-2026-44432, CVE-2026-44503, CVE-2026-44681, CVE-2026-45309, CVE-2026-4539, CVE-2026-45409, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, CVE-2026-8838, ghsa-78cv-mqj4-43f7, ghsa-7j59-v9qr-6fq9 applied in versions: 2.11.0-r2, 2.11.2-r1, 2.11.2-r2, 2.11.2-r3
Multiple security vulnerabilities affect the airflow-2 package. These issues are resolved in later releases. See references for individual vulnerability details...
CVE-2025-67895
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...
CVE-2025-67895 Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...
CVE-2025-67895
CVE-2025-67895 describes an RCE in Airflow via the Edge3 Worker RPC when the Edge3 provider is installed and configured on Airflow 2 (before 2.0.0). The issue arises from a non-public API used during development that Dag authors could exploit to execute code in the webserver context. Publicly rel...
apache-airflow-providers-smtp (>=1.0.0rc1 <=1.8.1rc1) potentially affected by CVE-2024-29735 via apache-airflow (=2.8.2)
apache-airflow PyPI version =2.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - apache-airflow-providers-smtp >=1.0.0rc1, <=1.8.1rc1 Source CVEs: CVE-2024-29735 Source advisory: OSV:GHSA-CFF3-5QRP-HQX7...
PYSEC-2023-204
Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a...