CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

vulnersOsv•added 2026/06/01 8:16 a.m.•2 views

acryl-datahub-airflow-plugin (>=0.8.35.6 <=1.6.0rc1), acryl-datahub-airflow-plugin-hcc-patched (>=1.4.0.3.post1 <=1.4.0.3.post2) +446 more potentially affected by CVE-2026-45192 via apache-airflow-task-sdk (>=1.0.0 <=1.2.2)

apache-airflow-task-sdk PYPI version =1.0.0, =0.8.35.6, =1.4.0.3.post1, =1.0.0, =0.0.9.2, =0.1.0rc0, =0.1.0, =0.1.2, =1.0.1, =0.1.0, =1.0.0, =0.0.1, =0.0.5 and more Source cves: CVE-2026-45192 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-17132596...

6.5CVSS5.4AI score0.0041EPSS

Snyk•added 2026/06/01 8:16 a.m.•7 views

Insertion of Sensitive Information Into Sent Data

6.5CVSS6AI score0.0041EPSS

Exploits0References3

OSV•added 2026/05/19 9:32 p.m.•4 views

GHSA-524W-VQ63-2XHF Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

JWT tokens that were used by workers in Kubernetes Executors have been exposed to users who had read only access to Kuberentes Pods. This could allow users with just read-only access to perform actions that were only available to running tasks via Task SDK and potentially allow to modify state of...

8.7CVSS5.5AI score0.00157EPSS

Exploits0References5

NVD•added 2026/05/19 8:16 p.m.•10 views

CVE-2026-27173

8.7CVSS0.00157EPSS

Exploits0References3

ATTACKERKB•added 2026/05/19 7:19 p.m.•7 views

CVE-2026-27173

8.7CVSS5.8AI score0.00157EPSS

Exploits0References3

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-42001

Name of the Vulnerable Software and Affected Versions Apache Airflow affected versions not specified Description JWT tokens used by workers in Kubernetes Executors are exposed to users with read-only access to Kubernetes Pods. This exposure allows users with limited permissions to perform actions...

8.7CVSS5.8AI score0.00157EPSS

Exploits0References9

vulnersOsv•added 2026/04/13 4:12 p.m.•2 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +20 more potentially affected by CVE-2025-66236 via apache-airflow-task-sdk (>=1.0.0 <=1.1.4)

apache-airflow-task-sdk PYPI version =1.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-66236 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-16032067...

7.5CVSS5.8AI score0.00439EPSS

Snyk•added 2026/04/13 4:12 p.m.•1 views

Insertion of Sensitive Information into Log File

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File which had masksecret applied. The DAG run logs UI exposes...

7.5CVSS5.9AI score0.00439EPSS

vulnersOsv•added 2026/04/13 4:12 p.m.•2 views

apache-airflow (>=3.2.0b1 <=3.2.0b2) potentially affected by CVE-2026-33858 via apache-airflow-task-sdk (>=1.2.0b1 <=1.2.0b2)

apache-airflow-task-sdk PYPI version =1.2.0b1, =3.2.0b1, =3.2.0b2 Source cves: CVE-2026-33858 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-16032066...

8.8CVSS5.4AI score0.0056EPSS

Snyk•added 2026/04/13 4:12 p.m.•1 views

Deserialization of Untrusted Data

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the XCom API. A privileged DAG Author can execute code on the...

8.8CVSS6.1AI score0.0056EPSS

OSV•added 2026/03/22 6:27 p.m.•6 views

MAL-2026-2079 Malicious code in @emilgroup/task-sdk-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d10e089e1ab5774c571e6a0f5c650a044301456e9558509c051d38dce51eac73 The package @emilgroup/task-sdk-node was found to contain malicious code. Source: ghsa-malware...

5.8AI score

OSSF Malicious Packages•added 2026/03/22 6:26 p.m.•6 views

Malicious code in @emilgroup/task-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e4aef8ca2987206595d5c54a2df6265669bdb67ca99915bb763ac38f2d6a46d7 The package @emilgroup/task-sdk was found to contain malicious code. Source: ghsa-malware...

5.8AI score

OSV•added 2026/03/22 6:26 p.m.•5 views

MAL-2026-2078 Malicious code in @emilgroup/task-sdk (npm)

5.8AI score

Snyk•added 2026/03/19 11:0 p.m.•4 views

Embedded Malicious Code

Overview @emilgroup/task-sdk is an A new version of the package Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. Th...

9.8CVSS5.8AI score

vulnersOsv•added 2026/03/17 12:30 p.m.•3 views

apache-airflow-core (>=3.1.0 <=3.1.7), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2026-30911 via apache-airflow (>=3.1.0 <=3.1.7)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0, =7.0.0, =1.15.0, =0.34.0, =1.9.0, =1.37.0, =1.26.0, =1.26.18rc1 and more Source cves: CVE-2026-30911 Source advisory: OSV:GHSA-8X34-9Q3V-H7G8...

8.1CVSS5.4AI score0.00409EPSS

vulnersOsv•added 2026/02/21 4:32 a.m.•1 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +20 more potentially affected by CVE-2025-65995 via apache-airflow-task-sdk (>=1.0.0 <=1.1.4)

apache-airflow-task-sdk PYPI version =1.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-65995 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-15325636...

6.5CVSS5.8AI score0.00801EPSS

vulnersOsv•added 2026/01/16 12:30 p.m.•3 views

airflow-balancer (>=0.7.0 <=0.7.6), airflow-clickhouse-plugin (=1.5.0) +28 more potentially affected by CVE-2025-68438 via apache-airflow-task-sdk (>=1.0.0 <=1.1.6)

apache-airflow-task-sdk PYPI version =1.0.0, =0.7.0, =0.6.1, =1.10.7, =0.1.0, =1.4.3, =1.2.10, =0.1.1, =3.0.0, =3.0.0, =1.6.0, =1.5.3, =1.25.0, =3.12.0, =0.0.4, =0.0.6.dev1 and more Source cves: CVE-2025-68438 Source advisory: SNYK:PYTHON-APACHEAIRFLOWTASKSDK-15032537...

7.5CVSS5.8AI score0.00586EPSS

Snyk•added 2026/01/16 12:30 p.m.•1 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview apache-airflow-task-sdk is a The Apache Airflow Task SDK includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the serialization for rendered...

7.5CVSS5.7AI score0.00586EPSS

vulnersOsv•added 2026/01/16 12:30 p.m.•2 views

apache-airflow-core (>=3.1.0 <=3.1.5), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2025-68438 via apache-airflow (>=3.1.0 <=3.1.5)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0rc1, =7.0.0rc1, =1.9.0rc1, =1.9.0rc2 - dkist-processing-test =1.37.0rc2 - dkist-processing-vbi =1.26.0rc1 and more Source cves: CVE-2025-68438 Source advisory: OSV:GHSA-3QMM-R55X-HPXX...

7.5CVSS5.4AI score0.00586EPSS