airflow-aws-shared-secrets (>=0.0.1 <=0.0.5), airflow-tools (>=0.1.0 <=0.11.0) +4 more potentially affected by CVE-2026-25604 via apache-airflow-providers-amazon (>=8.29.0 <=9.17.0)

apache-airflow-providers-amazon PYPI version =8.29.0, =0.0.1, =0.1.0, =0.0.3, =2.10.3, =0.0.1rc1, =2.10.7, =2.10.11rc5 Source cves: CVE-2026-25604 Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSAMAZON-15441004...

GHSA-763G-FQQ7-48WG XML external entity (XXE) processing ('external-parameter-entities' feature was not fully disabled))

Due to an incomplete fix for CVE-2019-9658, checkstyle was still vulnerable to XML External Entity XXE Processing. Impact User: Build Maintainers This vulnerability probably doesn't impact Maven/Gradle users as, in most cases, these builds are processing files that are trusted, or pre-vetted by a...

CVE-2019-10782

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity XXE Injection due to an incomplete fix for CVE-2019-9658...

CVE-2019-10782

All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulnerable to XML External Entity XXE Injection due to an incomplete fix for CVE-2019-9658...