5 matches found
PYSEC-2026-773 Remote code execution in Apache Airflow Docker's Provider
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host. Disable loading of example DAGs or upgrade apache-airflow-providers-docker to 3.0.0 or above...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +21 more potentially affected by CVE-2025-66388 via apache-airflow-task-sdk (>=1.0.0rc4 <=1.1.4)
apache-airflow-task-sdk PYPI version =1.0.0rc4, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-66388 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-14459396...
abi-ds-utils (=1.0.1), acryl-datahub-airflow-plugin (>=0.8.44.4 <=0.9.2.1rc2) +139 more potentially affected by CVE-2023-29005 via flask-appbuilder (>=1.10.0 <=4.1.4)
flask-appbuilder PYPI version =1.10.0, =0.8.44.4, =0.1.0rc3, =0.1.0, =2022.9.19, =0.2.9b1, =1.0.7, =0.5.1, =0.2.0, =0.1.0, =1.0.0, =0.0.7, =0.0.1, =0.0.3, =0.0.6, =0.0.8 and more Source cves: CVE-2023-29005 Source advisory: OSV:GHSA-9HCR-9HCV-X6PV...
CVE-2022-38362
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...
CVE-2022-38362
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to authenticated remote code exploit of code on the Airflow worker host...