5963 matches found
Improper Removal of Sensitive Information Before Storage or Transfer
Overview: apache-airflow-task-sdk is the Apache Airflow Task SDK, which includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the serialization for rendered...
Insertion of Sensitive Information into Log File
Overview: apache-airflow-task-sdk is the Apache Airflow Task SDK, which includes interfaces for Dag authors and Task execution logic for Python. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the proxies and proxy fields in a Connection. An...
Apache Airflow proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6 and 2.11.1, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result,...
apache-airflow-core (>=3.1.0 <=3.1.5), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2025-68438 via apache-airflow (>=3.1.0 <=3.1.5)
apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0rc1, =7.0.0rc1, =1.9.0rc1, =1.9.0rc2 - dkist-processing-test =1.37.0rc2 - dkist-processing-vbi =1.26.0rc1 and more Source cves: CVE-2025-68438 Source advisory: OSV:GHSA-3QMM-R55X-HPXX...
CVE-2025-68675
CVE-2025-68675 affects Apache Airflow versions prior to 3.1.6, where proxy URLs embedded in Connection proxy fields could be logged in cleartext. The issue arises because these proxies/fields were not treated as sensitive by default, allowing credentials to leak through task/log output. Public ad...
EUVD-2026-2912
In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000853)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000853 advisory. The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-004288)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004288 advisory. In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in start_task() start_task() calls create_singlethread_workqueu...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000811)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000811 advisory. drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by...
scsi: target: Reset t_task_cdb pointer in error case
...
SUSE CVE-2025-68782
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Reset t_task_cdb pointer in error case If allocation of cmd->t_task_cdb fails, it remains NULL but is later dereferenced in the 'err' path. In case of error, reset NULL t_task_cdb value to point at the default fixed-size...
PT-2026-3231
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.1.6 Description When rendered template fields in a Dag exceed max templated field length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This is due to the serialization of these...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003110)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003110 advisory. Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002391)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002391 advisory. The arch_dup_task_struct function in the Transactional Memory (TM) implementation in arch/powerpc/kernel/process.c in the Linux kernel before 3.13.7 on the powerpc platfo...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003312)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003312 advisory. An issue was discovered in the Linux kernel before 4.20. There is a race condition in smp_task_timedout and smp_task_done in drivers/scsi/libsas/sas_expander.c, leading t...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002839)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002839 advisory. drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003114)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003114 advisory. drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 allows local users to cause a denial of service (NULL pointer dereference and system crash) by...
PT-2026-3232
Name of the Vulnerable Software and Affected Versions Apache Airflow versions prior to 3.1.6 Description Apache Airflow versions before 3.1.6 did not properly handle sensitive information within proxy URLs in Connection objects. Specifically, proxy credentials embedded in the proxies and proxy...
CVE-2025-71102
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in __scs_magic __scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is given. 'task_scs(tsk)' is the starting address of the task's shadow call stack, and '__scs_magic(task_scs(tsk))' is the end address of t...