CVE-2026-22922

CVE-2026-22922 affects Apache Airflow versions 3.1.0–3.1.6, where an authorization flaw could allow an authenticated user with custom permissions limited to task access to view task logs without task-log access. The issue has been fixed in Airflow 3.1.7 and later. Practical impact is limited to l...

CVE-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

CVE-2026-22922

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

CVE-2026-22922 Apache Airflow: Airflow externalLogUrl Permission Bypass

Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this...

Apache Airflow 安全漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Versions 3.1.0 to 3.1.6 of Apache Airflow contain securit...

PT-2026-7102

Name of the Vulnerable Software and Affected Versions Apache Airflow versions 3.1.0 through 3.1.6 Description An authorization flaw exists in Apache Airflow that could allow an authenticated user with limited task permissions to view task logs without proper authorization. The issue affects syste...

CVE-2026-2108

A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/longtask of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2108

A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/longtask of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2108

The CVE-2026-2108 entry covers jsbroks COCO Annotator up to version 0.11.1. The vulnerability affects the Endpoint component’s /api/info/long_task, where manipulation can cause a denial of service. It is remotely exploitable and has been publicly disclosed; multiple sources note no vendor respons...

CVE-2026-2108 jsbroks COCO Annotator Endpoint long_task denial of service

A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/longtask of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

CVE-2026-2108 jsbroks COCO Annotator Endpoint long_task denial of service

A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/longtask of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

EUVD-2026-5719

A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/longtask of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

PT-2026-6916

Name of the Vulnerable Software and Affected Versions jsbroks COCO Annotator versions up to 0.11.1 Description A flaw exists in jsbroks COCO Annotator that can lead to a denial of service. This issue affects the Endpoint component and involves the /api/info/long task file and an unknown function...

COCO Annotator 安全漏洞

COCO Annotator is a web-based image annotation tool developed by Justin Brooks. It aims to provide versatility and efficient image annotation. COCO Annotator versions 0.11.1 and earlier contain security vulnerabilities, which stem from incorrect operations on components like Endpoint, specificall...

CVE-2025-61917

n8n is an open source workflow automation platform. From version 1.65.0 to before 1.114.3, the use of Buffer.allocUnsafe and Buffer.allocUnsafeSlow in the task runner allowed untrusted code to allocate uninitialized memory. Such uninitialized buffers could contain residual data from within the sa...

CODTECH-Task2-Web-Vulnerability-Scanner

...

Protection Mechanism Failure

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Protection Mechanism Failure via the Python Code node. An attacker can execute arbitrary code outside the intended security boundary by leveraging authenticated access and enabling Task Runners with...

n8n has a Python sandbox escape

Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...

GHSA-8398-GMMX-564H n8n has a Python sandbox escape

Impact A vulnerability in the Python Code node allows authenticated users to break out of the Python sandbox environment and execute code outside the intended security boundary. Only authenticated users are able to execute code through Task Runners. This issue affected any deployment in which the...

@n8n/backend-test-utils (=0.26.0), @n8n/db (=0.34.0) +2 more potentially affected by CVE-2026-25051 via n8n-core (=1.122.0)

n8n-core NPM version =1.122.0 is affected by a known vulnerability. The following packages have a transitive dependency on n8n-core and may be impacted: - @n8n/backend-test-utils =0.26.0 - @n8n/db =0.34.0 - @n8n/task-runner =1.59.0 - n8n-node-dev =1.121.0 Source cves: CVE-2026-25051 Source...