Lucene search
+L

42 matches found

snyk
snyk
added 2026/02/21 4:32 a.m.4 views

Information Exposure

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Information Exposure in the error messages in the UI when a DAG fails during parsing. A user can obtain...

7.1CVSS5.8AI score0.00801EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/02/21 2:14 a.m.1 views

CVE-2025-65995 Apache Airflow: Disclosure of secrets to UI via kwargs

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

5.2AI score0.00801EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/21 2:14 a.m.5 views

CVE-2025-65995

When a DAG failed during parsing, Airflow’s error-reporting in the UI could include the full kwargs passed to the operators. If those kwargs contained sensitive values such as secrets, they might be exposed in the UI tracebacks to authenticated users who had permission to view that DAG. The issue...

5.5AI score0.00801EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/02/21 2:14 a.m.42 views

CVE-2025-65995

Airflow CVE-2025-65995 affects the UI error-reporting path: if a DAG fails during parsing, full operator kwargs (potentially containing secrets) could be exposed in tracebacks to users with DAG viewing permissions. Affected products are Apache Airflow; root cause is leakage of sensitive values vi...

6.5CVSS5.5AI score0.00801EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/02/21 12:0 a.m.13 views

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Versions of Apache Airflow prior to 3.1.4 and 2.11.1...

6.5CVSS5.8AI score0.00801EPSS
Exploits0References5
veracode
veracode
added 2025/12/01 10:47 a.m.7 views

Denial Of Service (DoS)

vllm is vulnerable to Denial Of Service DoS. The vulnerability is due to unrestricted Jinja template injection through the chattemplate and chattemplatekwargs parameters, where crafted templates can trigger unbounded loops or heavy rendering operations, and attackers can exploit this to exhaust C...

7.3AI score0.00207EPSS
Exploits1References4Affected Software1
nvd
nvd
added 2025/11/21 2:15 a.m.11 views

CVE-2025-62426

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS0.00326EPSS
Exploits0References5
cvelist
cvelist
added 2025/11/21 1:21 a.m.16 views

CVE-2025-62426 vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

vLLM is an inference and serving engine for large language models LLMs. From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the...

6.5CVSS0.00326EPSS
Exploits0References5
osv
osv
added 2025/11/20 9:26 p.m.1 views

GHSA-69J4-GRXJ-J64P vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary The /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chattemplatekwargs parameters, it is possible to block processing of the API server for long...

6.5CVSS6.1AI score0.00326EPSS
Exploits0References7
github
github
added 2025/11/20 9:26 p.m.10 views

vLLM vulnerable to DoS via large Chat Completion or Tokenization requests with specially crafted `chat_template_kwargs`

Summary The /v1/chat/completions and /tokenize endpoints allow a chattemplatekwargs request parameter that is used in the code before it is properly validated against the chat template. With the right chattemplatekwargs parameters, it is possible to block processing of the API server for long...

6.5CVSS6.8AI score0.00326EPSS
Exploits0References7Affected Software1
ptsecurity
ptsecurity
added 2025/11/20 12:0 a.m.7 views

PT-2025-47650

Name of the Vulnerable Software and Affected Versions vLLM versions 0.5.5 through 0.11.0 Description vLLM is an inference and serving engine for large language models LLMs. The /v1/chat/completions and /tokenize API endpoints accept a chat template kwargs request parameter that is not properly...

6.8CVSS6.8AI score0.00326EPSS
Exploits0References23
github
github
added 2025/10/07 9:35 p.m.9 views

vLLM: Resource-Exhaustion (DoS) through Malicious Jinja Template in OpenAI-Compatible Server

Summary A resource-exhaustion denial-of-service vulnerability exists in multiple endpoints of the OpenAI-Compatible Server due to the ability to specify Jinja templates via the chattemplate and chattemplatekwargs parameters. If an attacker can supply these parameters to the API, they can cause a...

6.9AI score0.00207EPSS
Exploits1References4Affected Software1
susecve
susecve
added 2025/10/02 11:22 p.m.3 views

SUSE CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

9.8CVSS8AI score0.00583EPSS
Exploits0References4
osv
osv
added 2025/10/01 12:0 a.m.10 views

CVE-2025-59681

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are subject to SQL injection in column aliases, when using a suitably crafted dictionary, with dictionary expansion, as the kwarg...

7.1CVSS8AI score0.00583EPSS
Exploits0References6
cve
cve
added 2025/10/01 12:0 a.m.47 views

CVE-2025-59681

CVE-2025-59681 affects Django: SQL injection in column aliases when using crafted dictionaries via **kwargs passed to QuerySet.annotate(), alias(), aggregate(), or extra() on MySQL/MariaDB. Initial description specifies vulnerable versions: Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 bef...

9.8CVSS7.5AI score0.00583EPSS
Exploits0References4Affected Software1
github
github
added 2023/05/12 8:21 p.m.32 views

Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

Impact Internal calls to internal functions with more than 1 default argument are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. In the bar...

7.5CVSS7.1AI score0.00725EPSS
Exploits1References5Affected Software1
osv
osv
added 2023/05/11 10:15 p.m.27 views

PYSEC-2023-79

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.1AI score0.00725EPSS
Exploits1References2
cvelist
cvelist
added 2023/05/11 9:1 p.m.63 views

CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...

7.5CVSS7.6AI score0.00725EPSS
Exploits1References2
osv
osv
added 2021/02/26 10:12 a.m.10 views

SUSE-SU-2021:0631-1 Security update for salt

This update for salt fixes the following issues: - Fix regression on cmd.run when passing tuples as cmd bsc1182740 - Allow extrafilerefs as sanitized kwargs for SSH client - Fix errors with virt.update - Fix for multiple for security issues CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-31...

9.8CVSS7.1AI score0.92312EPSS
Exploits8References23
osv
osv
added 2019/08/09 1:15 p.m.7 views

PYSEC-2019-13

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to an error in shallow key transformation, key and index lookups for django.contrib.postgres.fields.JSONField, and key lookups for django.contrib.postgres.fields.HStoreField, were subject to...

9.8CVSS6.9AI score0.47694EPSS
Exploits0References10
Rows per page
Query Builder