10 matches found

OSV
added 5 days ago, 5 views

PYSEC-2026-276 Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if projects installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if projects installed a...

9.8 CVSS, 5.9 AI score, 0.00823 EPSS
Exploits: 0, References: 8
OSV
added 2026/06/11 12:58 a.m., 14 views

CLEANSTART-2026-NM83456 AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python

Multiple security vulnerabilities affect the airflow-2 package. AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. See references for individual vulnerability details...

9.8 CVSS, 7.3 AI score, 0.02357 EPSS
Exploits: 2, References: 157
OSV
added 2026/06/08 12:19 p.m., 5 views

CLEANSTART-2026-CQ05396 Security fixes for CVE-2025-32962, CVE-2025-58065, CVE-2026-22815, CVE-2026-25645, CVE-2026-26007, CVE-2026-27205, CVE-2026-27459, CVE-2026-30922, CVE-2026-31958, CVE-2026-32597, CVE-2026-33936, CVE-2026-34513, CVE-2026-34514, CVE-2026-34515, CVE-2026-34516, CVE-2026-34517, CVE-2026-34518, CVE-2026-34519, CVE-2026-34520, CVE-2026-34525, CVE-2026-35536, CVE-2026-39892, CVE-2026-41066, CVE-2026-41205, CVE-2026-41425, CVE-2026-42561, CVE-2026-44307, CVE-2026-44431, CVE-2026-44432, CVE-2026-44503, CVE-2026-44681, CVE-2026-45309, CVE-2026-4539, CVE-2026-45409, CVE-2026-48522, CVE-2026-48523, CVE-2026-48524, CVE-2026-48525, CVE-2026-48526, CVE-2026-8838, ghsa-78cv-mqj4-43f7, ghsa-7j59-v9qr-6fq9 applied in versions: 2.11.0-r2, 2.11.2-r1, 2.11.2-r2, 2.11.2-r3

Multiple security vulnerabilities affect the airflow-2 package. These issues are resolved in later releases. See references for individual vulnerability details...

9.8 CVSS, 5.8 AI score, 0.00808 EPSS
Exploits: 12, References: 83
RedhatCVE
added 2025/12/18 12:40 p.m., 12 views

CVE-2025-67895

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

9.8 CVSS, 7.6 AI score, 0.00823 EPSS
Exploits: 0, References: 1
OSV
added 2025/12/17 12:15 p.m., 4 views

CVE-2025-67895

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

9.8 CVSS, 7.5 AI score
Exploits: 0, References: 3
NVD
added 2025/12/17 12:15 p.m., 8 views

CVE-2025-67895

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

9.8 CVSS, 0.00823 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/12/17 11:47 a.m., 2 views

CVE-2025-67895 Apache Airflow Providers Edge3: Edge3 Worker RPC RCE on Airflow 2

Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3: before 2.0.0 - and only if you installed and configured it on Airflow 2. The Edge3 provider support in Airflow 2 has been always development-only and not officially released, however if you installed and...

7.2 AI score, 0.00823 EPSS
Exploits: 0, References: 2
CVE
added 2025/12/17 11:47 a.m., 35 views

CVE-2025-67895

CVE-2025-67895 describes an RCE in Airflow via the Edge3 Worker RPC when the Edge3 provider is installed and configured on Airflow 2 (before 2.0.0). The issue arises from a non-public API used during development that Dag authors could exploit to execute code in the webserver context. Publicly rel...

9.8 CVSS, 7.2 AI score, 0.00823 EPSS
Exploits: 0, References: 3, Affected Software: 1
vulnersOsv
added 2024/03/26 6:32 p.m., 6 views

apache-airflow-providers-smtp (>=1.0.0rc1 <=1.8.1rc1) potentially affected by CVE-2024-29735 via apache-airflow (=2.8.2)

apache-airflow PyPI version =2.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: apache-airflow-providers-smtp >=1.0.0rc1, <=1.8.1rc1. Source CVEs: CVE-2024-29735. Source advisory: OSV:GHSA-CFF3-5QRP-HQX7...

5.3 CVSS, 6 AI score, 0.0146 EPSS
Exploits: 0
PyPA
added 2023/10/14 10:15 a.m., 5 views

PYSEC-2023-204

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a...

4.3 CVSS, 6.4 AI score, 0.01232 EPSS
Exploits: 0, References: 4, Affected Software: 1