Lucene search
K

18 matches found

OSV
OSV
added 3 days ago4 views

PYSEC-2026-1150 Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use getsqlalchemyconnection and someone with access to connection resources...

4.3CVSS6AI score0.01263EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/10/31 10:10 a.m.17 views

CVE-2025-62402

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS7.6AI score0.00476EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/10/30 12:31 p.m.8 views

Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS7.7AI score0.00476EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2025/10/30 9:14 a.m.12 views

CVE-2025-62402 Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

0.00476EPSS
Exploits0References1
OSV
OSV
added 2025/10/30 9:14 a.m.5 views

CVE-2025-62402 Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available...

5.4CVSS6.4AI score0.00476EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.5 views

Apache Airflow 安全漏洞

Apache Airflow is a set of open source platforms with the ability to create, manage and monitor workflows from the US Apache Apache Foundation. The platform is characterized by scalability and dynamic monitoring. A security vulnerability exists in Apache Airflow, which stems from the...

5.4CVSS7.7AI score0.00476EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.5 views

PT-2025-44368

Name of the Vulnerable Software and Affected Versions API users affected versions not specified Description The API allows code execution within the context of the api-server through the /api/v2/dagReports endpoint. This occurs when the api-server is deployed in an environment where Dag files are...

5.4CVSS6.4AI score0.00476EPSS
Exploits0References19
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-0540

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00343EPSS
Exploits0References16
Veracode
Veracode
added 2024/03/03 11:37 a.m.20 views

Exposure Of Resource To Wrong Sphere

Apache-airflow is vulnerable to Exposure of Resource to Wrong Sphere. The vulnerability is due to improper permission checks in the API and UI components. An attacker can view DAG code and import errors for DAGs they are not authorized to access by exploiting this vulnerability...

5.9CVSS7.2AI score0.00343EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/02/29 11:15 a.m.5 views

PYSEC-2024-245

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

5.9CVSS6.3AI score0.00343EPSS
Exploits0References6
NVD
NVD
added 2024/02/29 11:15 a.m.27 views

CVE-2024-27906

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

5.9CVSS6.3AI score0.00343EPSS
Exploits0References4
Prion
Prion
added 2024/02/29 11:15 a.m.22 views

Security feature bypass

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

7AI score0.00343EPSS
Exploits0References4
CVE
CVE
added 2024/02/29 11:2 a.m.2720 views

CVE-2024-27906

CVE-2024-27906 affects Apache Airflow versions before 2.8.2. The published docs describe a vulnerability where authenticated users can view DAG code and import errors for DAGs they should not be allowed to view via the API and the UI. The primary impact is information disclosure of DAG contents a...

5.9CVSS5.5AI score0.00343EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/02/29 11:2 a.m.14 views

CVE-2024-27906 Apache Airflow: Dag Code and Import Error Permissions Ignored

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

5.9CVSS6.3AI score0.00343EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2024/02/29 11:2 a.m.9 views

CVE-2024-27906 Apache Airflow: Dag Code and Import Error Permissions Ignored

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

5.6AI score0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/29 11:2 a.m.32 views

CVE-2024-27906 Apache Airflow: Dag Code and Import Error Permissions Ignored

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk...

6.6AI score0.00343EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/01/30 12:0 a.m.7 views

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scenarios in Airflow lies in the lack of authentication. This allows attackers to gain access to the source code of DAGs.

The vulnerability of the software used for creating, monitoring, and orchestrating data processing scenarios in Airflow is related to the lack of authentication. Exploiting this vulnerability can allow a malicious actor to gain access to the source code of DAGs...

4.3CVSS6.6AI score0.00971EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2024/01/25 12:22 p.m.21 views

Improper Authorization

apache-airflow is vulnerable to Improper Authorization. The vulnerability is due to missing access control check while accessing DAG code. An authenticated user can access source code of DAG to which they don't have access to...

6.5CVSS6.8AI score0.00971EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder