ROOT-APP-PYPI-CVE-2023-25956 CVE-2023-25956 in rootio-apache-airflow-providers-amazon - Patched by Root

Root has patched CVE-2023-25956 in the rootio-apache-airflow-providers-amazon package for Root:PyPI. Multiple fixed versions available...

Insertion of Sensitive Information into Externally-Accessible File or Directory

Overview apache-airflow-providers-cncf-kubernetes is a Provider for Apache Airflow. Implements apache-airflow-providers-cncf-kubernetes package Affected versions of this package are vulnerable to Insertion of Sensitive Information into Externally-Accessible File or Directory via the exposure of J...

PT-2026-42004

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-amazon versions prior to 9.28.0 Description In the AWS Secrets Manager and SSM Parameter Store secrets backends, the team-scoping logic could resolve a conn id containing a / for example, "my team/conn" to the same pat...

EUVD-2026-17219

Improper Certificate Validation vulnerability in Apache Airflow Provider for Databricks. Provider code did not validate certificates for connections to Databricks back-end which could result in a man-of-a-middle attack that traffic is intercepted and manipulated or credentials exfiltrated w/o...

Exposure of Resource to Wrong Sphere

Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access ...

abi-ds-utils (=1.0.1), acceldata-o2a (=1.0.0) +146 more potentially affected by CVE-2024-29733 via apache-airflow-providers-ftp (>=1.1.0 <=3.6.1)

apache-airflow-providers-ftp PYPI version =1.1.0, =0.8.44.4, =1.4.0.3.post4, =1.4.0.3.post3, =0.1.0rc3, =0.1.0, =0.2.1, =0.2.9b1, =0.4.0, =0.1.0a1, =0.6.0, =0.1.1, =0.6.0 and more Source cves: CVE-2024-29733 Source advisory: OSV:GHSA-3GG8-MC87-CQ3H...