Lucene search
K

41 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-774 Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

7.5CVSS5.9AI score0.01826EPSS
Exploits0References6
NVD
NVD
added 2026/07/06 11:16 a.m.14 views

CVE-2026-49297

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS0.01058EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/07/06 9:54 a.m.33 views

CVE-2026-49297 Apache Airflow Google provider: Path traversal via GCS object names → local/SFTP filesystem (GCSToSFTPOperator + GCSTimeSpanFileTransformOperator)

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

0.01058EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/06 9:54 a.m.6 views

EUVD-2026-41869

Apache Airflow's Google provider operators GCSToSFTPOperator and GCSTimeSpanFileTransformOperator joined GCS object names returned by the bucket listing API directly to a destination filesystem path without normalisation or containment check. A user with write access to the source GCS bucket...

8.1CVSS6.1AI score0.01058EPSS
Exploits1References2
CVE
CVE
added 2026/07/06 9:54 a.m.18 views

CVE-2026-49297

Apache Airflow Google provider contains a path traversal flaw in GCSToSFTPOperator and GCSTimeSpanFileTransformOperator: GCS object names from bucket listings are joined to a destination path without normalisation or containment checks. A user with write access to a source GCS bucket could create...

8.1CVSS6.1AI score0.01058EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55450

Name of the Vulnerable Software and Affected Versions dragonfly versions prior to 2.4.4 Description The Dragonfly Manager fails to enforce authentication on specific API endpoints, allowing unauthenticated network-reachable attackers to retrieve sensitive OAuth client secrets. The issue occurs...

6.3CVSS6AI score
Exploits0References4
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-277 Apache Airflow Google Provider Improper Input Validation vulnerability

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

9.8CVSS7.3AI score0.01583EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/06/01 9:16 a.m.11 views

apache-airflow-core (>=3.2.0 <=3.2.1), apache-airflow-providers-google (=5.0.0) +10 more potentially affected by CVE-2026-41014 via apache-airflow (>=3.2.0 <=3.2.1rc3)

apache-airflow PYPI version =3.2.0, =3.2.0, =1.2.0, =13.0.2, =7.2.0, =1.18.3, =1.4.2, =2.1.1, =1.10.3, =1.41.2, =1.28.2, =5.6.2, =5.7.17 Source cves: CVE-2026-41014 Source advisory: OSV:PYSEC-2026-182...

4.3CVSS5.7AI score0.00352EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.14 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References1
PyPA
PyPA
added 2026/05/25 10:16 a.m.24 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/25 10:16 a.m.25 views

CVE-2026-45361

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS0.0059EPSS
Exploits0References3
OSV
OSV
added 2026/05/25 10:16 a.m.9 views

PYSEC-2026-166

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/25 9:34 a.m.50 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

0.0059EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/25 9:34 a.m.15 views

CVE-2026-45361 Apache Airflow Google provider: SSH host key verification disabled in ComputeEngineSSHHook (paramiko AutoAddPolicy default)

Apache Airflow providers-google's ComputeEngineSSHHook disables SSH host-key verification by default, exposing SSH traffic between an Airflow worker and a Compute Engine VM to in-path network attackers who can intercept or modify the session. Users are advised to upgrade to...

5.8AI score0.0059EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 9:34 a.m.33 views

CVE-2026-45361

CVE-2026-45361 affects the Apache Airflow Google provider: ComputeEngineSSHHook disables SSH host-key verification by default, allowing an attacker on-path to intercept or modify SSH sessions between an Airflow worker and a Compute Engine VM. The vulnerability is tied to the ComputeEngineSSHHook ...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.18 views

PT-2026-43023

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-google versions prior to 22.0.0 Description The ComputeEngineSSHHook disables SSH host-key verification by default. This configuration exposes SSH traffic between an Airflow worker and a Compute Engine VM to in-path...

8.1CVSS5.8AI score0.0059EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/09 12:41 p.m.9 views

CVE-2023-25691

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

9.8CVSS6.8AI score0.01583EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0716

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.01826EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2023-0666

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.01583EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 5:28 a.m.5 views

CVE-2023-25692

Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0...

7.5CVSS6.9AI score0.01826EPSS
Exploits0References1
Rows per page
Query Builder