
61138 matches found

OSV
added 2026/02/24 12:31 p.m. | 3 views

GHSA-8R55-RV5W-6PFM Apache Airflow exposes sensitive information in its log files

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVSS 6.5 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 4

Github Security Blog
added 2026/02/24 12:31 p.m. | 8 views

Apache Airflow exposes sensitive information in its log files

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

CVSS 6.5 | AI score 5.3 | EPSS 0.00363
Exploits: 0 | References: 4 | Affected Software: 1

vulnersOsv
added 2026/02/24 12:18 p.m. | 4 views

acceldata-o2a (=1.0.0), aglow (>=0.1.0rc3 <=0.1.0rc4) +30 more potentially affected by CVE-2024-56373 via apache-airflow (>=2.0.0 <=2.11.0)

apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.6.0, =0.0.1, =0.6.4, =1.0.0, =0.2.0, =2.10.3, =0.3.12, =1.8.0rc2, =4.3.0, =6.0.1 and more Source cves: CVE-2024-56373 Source advisory: SNYK:PYTHON-APACHEAIRFLOW-15339025...

CVSS 8.4 | AI score 5.8 | EPSS 0.01134
Exploits: 0

Snyk
added 2026/02/24 12:18 p.m. | 2 views

Template Injection

Overview: apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Template Injection in dagrun.py. A DAG author can execute arbitrary code in the web server context by manipulating the database to inject...

CVSS 8.4 | AI score 6.2 | EPSS 0.01134
Exploits: 0 | References: 2

vulnersOsv
added 2026/02/24 12:16 p.m. | 1 view

acceldata-o2a (=1.0.0), aglow (>=0.1.0rc3 <=0.1.0rc4) +30 more potentially affected by CVE-2025-27555 via apache-airflow (>=2.0.0 <=2.11.0)

apache-airflow PYPI version =2.0.0, =0.1.0rc3, =0.1.0, =0.6.0, =0.0.1, =0.6.4, =1.0.0, =0.2.0, =2.10.3, =0.3.12, =1.8.0rc2, =4.3.0, =6.0.1 and more Source cves: CVE-2025-27555 Source advisory: SNYK:PYTHON-APACHEAIRFLOW-15339022...

CVSS 6.5 | AI score 5.8 | EPSS 0.00363
Exploits: 0

Snyk
added 2026/02/24 12:16 p.m. | 5 views

Insertion of Sensitive Information Into Sent Data

Overview: apache-airflow is a platform to programmatically author, schedule, and monitor workflows. Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the form of connection secrets handled by buildmetrics being logged in the audit log. A user...

CVSS 6.5 | AI score 5.9 | EPSS 0.00363
Exploits: 0 | References: 2

OSV
added 2026/02/24 10:14 a.m. | 4 views

RHSA-2026:2994 Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.62 SP3 security update

Bulletin has no description...

CVSS 7.5 | AI score 5.1 | EPSS 0.0177
Exploits: 1 | References: 30

Cvelist
added 2026/02/24 10:09 a.m. | 21 views

CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

EPSS 0.00363
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/24 10:09 a.m. | 4 views

CVE-2025-27555 Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Airflow versions before 2.11.1 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see. When sensitive connection parameters were set via airflow CLI, values of those variables appeared in the audit log and were...

AI score 5.4 | EPSS 0.00363
Exploits: 0 | References: 2

OSV
added 2026/02/24 12:02 a.m. | 10 views

OSV-2026-297 Security exception in org.apache.poi.util.IOUtils.safelyAllocate

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=486522036 Crash type: Security exception Crash state: org.apache.poi.util.IOUtils.safelyAllocate org.apache.poi.hssf.record.RecordInputStream.readRemainder org.apache.poi.hssf.record.UnknownRecord...

AI score 5.8
Exploits: 0 | References: 1

CNNVD
added 2026/02/24 12:00 a.m. | 6 views

Apache Airflow security vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 2.11.1 contained security vulnerabilities. These vulnerabilities stemmed from the ability of...

CVSS 8.4 | AI score 6.5 | EPSS 0.01134
Exploits: 0 | References: 3

CNNVD
added 2026/02/24 12:00 a.m. | 6 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to execute sensitive SQL functions...

CVSS 6.5 | AI score 5.9 | EPSS 0.00607
Exploits: 0 | References: 2

CNNVD
added 2026/02/24 12:00 a.m. | 4 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset suffers from a SQL injection vulnerability that can be exploited by an attacker to view, add, modify, or delete arbitrary files on the database...

CVSS 6.5 | AI score 6 | EPSS 0.00503
Exploits: 2 | References: 2

CNNVD
added 2026/02/24 12:00 a.m. | 4 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. A security bypass vulnerability exists in Apache Superset, which can be exploited by an attacker to bypass data access controls...

CVSS 7.1 | AI score 5.8 | EPSS 0.00436
Exploits: 0 | References: 2

Positive Technologies
added 2026/02/24 12:00 a.m. | 5 views

PT-2026-21679

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 6.0.0. Description: An issue exists in Apache Superset that allows an authenticated user with read access to conduct error-based SQL injection. This is due to improper neutralization of special elements used in ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00503
Exploits: 2 | References: 10

Positive Technologies
added 2026/02/24 12:00 a.m. | 5 views

PT-2026-21680

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 6.0.0. Description: An improper authorization issue exists in Apache Superset that allows a low-privileged user to bypass data access controls. Specifically, an authenticated attacker with permissions to write...

CVSS 7.1 | AI score 6 | EPSS 0.00436
Exploits: 0 | References: 10

Positive Technologies
added 2026/02/24 12:00 a.m. | 5 views

PT-2026-21678

Name of the Vulnerable Software and Affected Versions: Apache Superset versions prior to 4.1.2. Description: Apache Superset uses a configurable dictionary, DISALLOWED_SQL_FUNCTIONS, to limit the execution of potentially sensitive SQL functions in SQL Lab and charts. A flaw exists because the defaul...

CVSS 6.5 | AI score 6.1 | EPSS 0.00607
Exploits: 0 | References: 11

Positive Technologies
added 2026/02/24 12:00 a.m. | 7 views

PT-2026-21670

Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.11.1. Description: A user with DAG author permissions can manipulate the Airflow database to execute arbitrary code within the web server context. This could lead to remote code execution on the server-side whe...

CVSS 8.4 | AI score 6.6 | EPSS 0.01134
Exploits: 0 | References: 14

CNNVD
added 2026/02/24 12:00 a.m. | 5 views

Apache Airflow log information disclosure vulnerability

Apache Airflow is an open-source platform from the Apache Foundation in the United States for creating, managing and monitoring workflows. The platform offers scalability, dynamic monitoring and other features. Apache Airflow has a log information disclosure vulnerability. An...

CVSS 6.5 | AI score 5.8 | EPSS 0.00363
Exploits: 0 | References: 2

CNNVD
added 2026/02/24 12:00 a.m. | 4 views

Apache Superset security vulnerability

Apache Superset is a data visualization and data exploration platform from the Apache USA Foundation. Apache Superset has an information disclosure vulnerability that can be exploited by an attacker to retrieve sensitive user information...

CVSS 6.5 | AI score 5.8 | EPSS 0.004
Exploits: 0 | References: 2