256 matches found
Apache Airflow < 3.2.0 Multiple Vulnerabilities
The version of Apache Airflow installed on the remote host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities, including: - DAG authors who normally should not be able to execute code in the webserver context can craft an XCom payload causing the webserver to execute...
CVE-2026-32228
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
GHSA-H97W-PM3W-MWMC Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
CVE-2026-32228
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
EUVD-2026-23664
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
CVE-2026-32228
UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue...
PT-2026-33594
Name of the Vulnerable Software and Affected Versions Airflow versions prior to 3.2.0 Description A user with asset materialize permission via the UI or API can trigger DAGs Directed Acyclic Graphs, which are collections of all the tasks you want to run, organized in a way that reflects their...
org.webjars.npm:canvas (>=2.5.0 <=2.6.0), org.webjars.npm:color-thief (=2.2.5) +12 more potentially affected by CVE-2026-29786 via org.webjars.npm:tar (>=0.1.20 <=4.4.19)
org.webjars.npm:tar MAVEN version =0.1.20, =2.5.0, =0.97.5, =0.2.0, =3.4.0, =0.6.19, =2.0.0, =3.1.4, =3.4.1 - org.webjars.npm:tar.gz =1.0.7 Source cves: CVE-2026-29786 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15416076...
CVE-2019-11003
In Materialize through 1.0.0, XSS is possible via the Autocomplete feature...
CVE-2019-11004
In Materialize through 1.0.0, XSS is possible via the Toast feature...
EUVD-2025-178461
Malicious code in ichnology-materialize-neptune-karma npm...
EUVD-2025-177942
Malicious code in materialize-cache-neptune-cosmogenic npm...
Malicious code in zenith-registry-materialize-quasar (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 21e56cf6f9d386fc0387e7eb45edbcbcbfbc0d7739f3829b7448f383ad832400 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-178915
Malicious code in figures-materialize-markdown-pdf-miranda npm...
EUVD-2025-178816
Malicious code in fusion-nextjs-iota-materialize npm...
EUVD-2025-177938
Malicious code in materialize-magnetar-paleontology-cosmochemistry npm...
EUVD-2025-175528
Malicious code in xanadu-dotenv-safe-markdownlint-materialize npm...
EUVD-2025-178848
Malicious code in fornax-materialize-sails-dactyl npm...
EUVD-2025-177935
Malicious code in materialize-repository-dione-aquarius npm...