CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

35 matches found

OSV•added 2026/06/05 5:40 a.m.•6 views

BIT-AIRFLOW-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

A bug in Apache Airflow's rendered-template field handling caused nested sensitive-key masking e.g. nested password / token / secret / apikey keys inside a JSON template structure to be bypassed when the rendered field exceeded core maxtemplatedfieldlength: Airflow stringified the structure befor...

6.5CVSS5.4AI score0.00335EPSS

Exploits0References3

OSV•added 2026/06/01 9:16 a.m.•3 views

PYSEC-2026-172

6.5CVSS5.8AI score0.00335EPSS

Exploits0References2

EUVD•added 2026/06/01 7:50 a.m.•13 views

EUVD-2026-33590

7.5CVSS5.8AI score0.00586EPSS

Exploits0References2

Vulnrichment•added 2026/06/01 7:50 a.m.•10 views

CVE-2026-42360 Apache Airflow: Rendered template truncation bypasses nested sensitive-key masking

5.8AI score0.00335EPSS

Exploits0References2

OSV•added 2026/01/21 8:39 a.m.•5 views

BIT-AIRFLOW-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed core maxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS5.5AI score0.00586EPSS

Exploits0References3

RedhatCVE•added 2026/01/17 11:25 a.m.•7 views

CVE-2025-68438

7.5CVSS6.7AI score0.00586EPSS

Exploits0References1

Snyk•added 2026/01/16 12:30 p.m.•1 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the serialization for rendered...

7.5CVSS5.7AI score0.00586EPSS

Exploits0References2

Github Security Blog•added 2026/01/16 12:30 p.m.•8 views

Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated

7.5CVSS6.8AI score0.00586EPSS

Exploits0References5Affected Software1

OSV•added 2026/01/16 11:16 a.m.•3 views

CVE-2025-68438

7.5CVSS5.5AI score

Exploits0References2

PyPA•added 2026/01/16 11:16 a.m.•7 views

PYSEC-2026-9

In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed coremaxtemplatedfieldlength, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instance that did not include...

7.5CVSS5.8AI score0.00586EPSS

Exploits0References3Affected Software1

NVD•added 2026/01/16 11:16 a.m.•3 views

CVE-2025-68438

7.5CVSS0.00586EPSS

Exploits0References2

ATTACKERKB•added 2026/01/16 10:6 a.m.•4 views

CVE-2025-68438

7.5CVSS5.3AI score0.00586EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/01/16 10:6 a.m.•27 views

CVE-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated

0.00586EPSS

Exploits0References1

EUVD•added 2026/01/16 10:6 a.m.•2 views

EUVD-2026-2913

7.5CVSS6.2AI score0.00586EPSS

Exploits0References4

Vulnrichment•added 2026/01/16 10:6 a.m.•3 views

CVE-2025-68438 Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated

6.3AI score0.00586EPSS

Exploits0References1

CVE•added 2026/01/16 10:6 a.m.•35 views

CVE-2025-68438

Apache Airflow prior to 3.1.6 is affected. When rendering template fields in a Dag that exceed max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI because the secrets masker did not include user-registered mask_secret() patterns, leading to inco...

7.5CVSS6.3AI score0.00586EPSS

Exploits0References2Affected Software1

CNNVD•added 2026/01/16 12:0 a.m.•3 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.1.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of...

7.5CVSS5.8AI score0.00586EPSS

Exploits0References3

Positive Technologies•added 2026/01/15 12:0 a.m.•3 views

PT-2026-3232

Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.1.6 Description Apache Airflow versions before 3.1.6 did not properly handle sensitive information within proxy URLs in Connection objects. Specifically, proxy credentials embedded in the proxies and proxy...

7.8CVSS6.4AI score0.01979EPSS

Exploits0References18

Veracode•added 2026/01/05 3:55 p.m.•5 views

Sensitive Information Disclosure

apacheairflow is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper redaction of secret values in rendered templates, which allows authenticated users to view sensitive secrets without appropriate authorization...

6.5CVSS6.7AI score0.00406EPSS

Exploits0References5Affected Software1

RedhatCVE•added 2025/12/17 10:2 a.m.•2 views

CVE-2025-66388

A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this...

6.5CVSS6.7AI score0.00406EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by