Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15159)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...

Apache Airflow Information Disclosure Vulnerability (CNVD-2026-15156)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has an information disclosure vulnerability that stems...

Apache Airflow Security Bypass Vulnerability (CNVD-2026-15157)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from a security bypass vulnerability that stems...

Exploit for Deserialization of Untrusted Data in Apache Activemq

Security Engineer — Test Task A self-contained Docker environ...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 Exploit Development Demo This repository demon...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache HTTP Server 2.4.49 Path Traversal / RC...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache HTTP Server 2.4.49 Path Traversal / RC...

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

Exploit for Path Traversal in Apache Http_Server

CVE-2021-41773 — Apache Path Traversal & RCE Internship Tas...

BIT-AIRFLOW-2026-30911 Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization

Apache Airflow versions 3.1.0 through 3.1.7 missing authorization vulnerability in the Execution API's Human-in-the-Loop HITL endpoints that allows any authenticated task instance to read, approve, or reject HITL workflows belonging to any other task instance. Users are recommended to upgrade to...

BIT-AIRFLOW-2026-28563 Apache Airflow: DAG authorization bypass

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized DAG IDs. This allows an authenticated user with only DAG Dependencies permission to enumerate DAGs they are not authorized to view. Users are recommended to...

Exploit for Path Traversal in Apache Http_Server

Vulnerability Research Lab Project Summary This project p...

Exploit for Path Traversal in Apache Http_Server

CVE Reproduction Lab Overview This project is a cybersecu...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-26929 via apache-airflow-core (>=3.0.0 <=3.1.8)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-26929 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15674498...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-28563 via apache-airflow-core (>=3.0.0 <=3.1.8)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-28563 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15674492...

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plug (=1.6.2) +37 more potentially affected by CVE-2026-28779 via apache-airflow-core (>=3.0.0 <=3.1.8)

apache-airflow-core PYPI version =3.0.0, =0.7.0, =1.5.0, =0.6.1, =1.10.7, =0.6.0, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =3.12.0rc1 and more Source cves: CVE-2026-28779 Source advisory: SNYK:PYTHON-APACHEAIRFLOWCORE-15674486...

Exposure of Resource to Wrong Sphere

Overview apache-airflow-providers-fab is a Provider package apache-airflow-providers-fab for Apache Airflow Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere due to improper handling of the session token cookie path. An attacker can gain unauthorized access ...