31 matches found
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.5.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +441 more potentially affected by CVE-2026-38743 via apache-airflow-core (>=3.0.0 <=3.2.1)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-38743 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16425769...
acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.5.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +441 more potentially affected by CVE-2026-40690 via apache-airflow-core (>=3.0.0 <=3.2.1)
apache-airflow-core PYPI version =3.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-40690 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16425768...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-25917 via apache-airflow-core (>=3.0.0 <=3.1.8rc2)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-25917 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16119148...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32228 via apache-airflow-core (>=3.0.0 <=3.1.8rc2)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32228 Source advisory: OSV:GHSA-H97W-PM3W-MWMC...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32690 via apache-airflow-core (>=3.0.0 <=3.1.8rc2)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32690 Source advisory: OSV:GHSA-W9R4-94FJ-XP69...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-30912 via apache-airflow-core (>=3.0.0 <=3.1.8rc2)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-30912 Source advisory: OSV:GHSA-W7CF-2PMC-5M4C...
Generation of Error Message Containing Sensitive Information
Overview Affected versions of this package are vulnerable to Generation of Error Message Containing Sensitive Information due to exposing exception/stack trace of errors even if api/exposestacktraces was set to false. That could lead to exposing additional information to potential attacker...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32228 via apache-airflow-core (>=3.0.0 <=3.2.0b1)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32228 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16132854...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to allowing users with asset materialize permissions to trigger DAGs outside of their permissions. Remediation Upgrade apache-airflow-core to version 3.2.0b2 or higher. References - Apache Mailing List - GitH...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-30912 via apache-airflow-core (>=3.0.0 <=3.2.0b1)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-30912 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16132595...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in redactval, whose secret value redaction sets maxdepth=1 and therefore does not properly extend to values in nested JSON objects. An attacker can see such nested JSON values responses...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-32690 via apache-airflow-core (>=3.0.0 <=3.2.0b1)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-32690 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16132506...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-31987 via apache-airflow-core (>=3.0.0 <=3.2.0b1)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-31987 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16094667...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2025-54550 via apache-airflow-core (>=3.0.0 <=3.2.0b1)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2025-54550 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16094668...
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data for the accesskey and connectionstring properties, which were not properly masked as sensitive information. An attacker can obtain confidential credentials by accessing the Connection UI...
airflow-clickhouse-plug (=1.6.2), airflow-clickhouse-plugin (=1.6.0) +18 more potentially affected by CVE-2026-33858 via apache-airflow-core (>=3.1.8 <=3.2.0b2)
apache-airflow-core PYPI version =3.1.8, =0.6.0a1, =3.1.8, =1.0.2, =0.0.13, =10.13.0, =1.1.8, =0.0.4, =0.1.0, =12.9.0, =7.1.0, =1.15.20, =1.2.4, =1.9.17, =1.10.13 and more Source cves: CVE-2026-33858 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-16032065...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2025-57735 via apache-airflow-core (>=3.0.0rc2 <=3.2.0)
apache-airflow-core PYPI version =3.0.0rc2, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2025-57735 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15954280...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization through the waitdagrununtilfinished handler in airflow-core/src/airflow/apifastapi/coreapi/routes/public/dagrun.py. An attacker can read task result values by sending a GET request to the DAG run wait endpoint with...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-34538 via apache-airflow-core (>=3.0.0rc2 <=3.2.0b2)
apache-airflow-core PYPI version =3.0.0rc2, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0rc3, =1.6.0, =1.5.3, =1.25.0rc1, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-34538 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15954288...
airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-26929 via apache-airflow-core (>=3.0.0 <=3.1.8)
apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0a1, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-26929 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15674498...