Lucene search
K
GithubRecent

33225 matches found

Github Security Blog
Github Security Blog
added 2026/06/03 8:59 p.m.27 views

quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion

Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field names and/or large values. The implementation builds an http.Header for t...

7.5CVSS6.8AI score0.00279EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 8:58 p.m.15 views

React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect. !NOTE This does not impact your React Router application if you are using Declarative Mode...

8.7CVSS5.8AI score0.00162EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 8:56 p.m.18 views

AIOHTTP is Vulnerable to Deserialization of Untrusted Data

Summary Using CookieJar.load with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with the user's own data, so this is unlikely to affect many applications. Workaround If an application does allow attacker controlled files to be...

7.3CVSS6.1AI score0.00128EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 8:33 p.m.11 views

React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from untrusted sources !NOTE This only impacts your application if you are using the unstable RSC APIs in React Router...

8CVSS5.8AI score0.00188EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 8:33 p.m.15 views

React Router has stored XSS via unescaped Location header in prerendered redirect HTML

When using React Router v7 Framework Mode with Pre-rendering enabled, an improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in statically generated HTML files if the redirect location comes from an untrusted source. !NOTE This does not impact your React...

5.4CVSS5.8AI score0.00144EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 8:25 p.m.14 views

backpack/crud is vulnerable to Cross-Site Scripting (XSS)

Impact It’s a “moderate” vulnerability… but being an admin panel, take this seriously. It’s difficult… but an attacker could conduct a targeted phishing campaign, in order to trick your users or admins to click a malicious link, which under very specific circumstances could give them information...

5.1CVSS5.7AI score0.00303EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 8:2 p.m.14 views

Docling: Unsafe Zip Extraction in EasyOCR Model Download

Impact In versions 2.91.0, The EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If an attacker could compromise the model download source via supply chain attack, DNS spoofing, or MITM, they could write arbitrary files to any...

8.3CVSS6.3AI score0.00478EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 6:2 p.m.22 views

launch-editor vulnerable to command injection via the crafted request on Windows

Summary Due to the insufficient sanitization of the file argument in the launchEditor, an attacker can execute arbitrary commands on Windows by supplying a filename that contains special characters. Impact If the following conditions are met, an attacker can execute arbitrary commands on the...

8.3CVSS6AI score0.00521EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/03 9:30 a.m.4 views

MLflow: Environment variable injection in AI Gateway secrets enables server-side credential exfiltration

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

9.1CVSS7.3AI score0.00435EPSS
Exploits1References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 12:30 a.m.4 views

Code Index MCP is vulnerable to Uncontrolled Resource Consumption

A weakness has been identified in johnhuang316 code-index-mcp up to 2.14.0. Affected is the function issaferegexpattern of the component searchcodeadvanced. Executing a manipulation of the argument regex can lead to inefficient regular expression complexity. It is possible to launch the attack...

5.3CVSS5.8AI score0.0031EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 12:30 a.m.4 views

DesktopCommanderMCP is vulnerable to Uncontrolled Resource Consumption

A security flaw has been discovered in wonderwhy-er DesktopCommanderMCP up to 0.2.38. This impacts an unknown function of the file src/search-manager.ts of the component startsearch. Performing a manipulation of the argument SearchResult results in inefficient regular expression complexity. It is...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 12:30 a.m.4 views

DesktopCommanderMCP is vulnerable to SSRF

A vulnerability was identified in wonderwhy-er DesktopCommanderMCP 0.2.37. This affects the function readFileFromUrl of the file src/tools/filesystem.ts of the component readfile. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote...

6.5CVSS5.7AI score0.00209EPSS
Exploits0References9Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 6:31 p.m.5 views

OpenMed vulnerable to remote code injection through privacy-filter model loading path

OpenMed before 1.5.2 contains a remote code execution vulnerability in the PII privacy-filter model loading path. The privacy-filter dispatcher used broad substring matching on the user-supplied modelname parameter, allowing a value such as attacker/foo-privacy-filter-bar to route through a path...

9.8CVSS6.4AI score0.00915EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 12:31 p.m.3 views

Jupyter Server vulnerable to Path Traversal via incorrect root directory boundary check in _get_os_path()

A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the getospath function within jupyterserver/services/contents/fileio.py. The check uses startswithroot without appending a trailing path separator, allowing sibling...

8.1CVSS6AI score0.00437EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 12:31 p.m.2 views

Apache Calcite is Vulnerable to Use of Externally-Controlled Input to Select Classes

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Apache Calcite. This issue affects Apache Calcite: from 1.5.0 before 1.42. Users are recommended to upgrade to version 1.42, which fixes the issue...

6.5CVSS5.9AI score0.00436EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 9:36 a.m.1 views

Prefect has an Authentication Middleware Bypass when URL paths are appended with 'health' or 'ready'

In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path exemptions for health check probes. Specifically, the authentication middleware exempts any URL path ending with 'health' or 'ready' from authentication checks. This allo...

7.5CVSS5.9AI score0.00476EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 6:30 a.m.3 views

MLflow: Any authenticated user can enumerate all gateway secrets, endpoints, and model definitions

MLflow 3.9.0 with basic-auth --app-name basic-auth fails to enforce authorization checks for multiple Gateway API 'list' endpoints. Specifically, the BEFOREREQUESTHANDLERS dictionary in mlflow/server/auth/init.py does not include entries for ListGatewaySecretInfos, ListGatewayEndpoints, and...

6.5CVSS5.9AI score0.00244EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 3:31 a.m.3 views

FoundationAgents MetaGPT: Deserialization through flawed argument mapping via Message.check_instruct_content()

A weakness has been identified in FoundationAgents MetaGPT up to 0.8.2. This affects the function Message.checkinstructcontent of the file metagpt/schema.py. Executing a manipulation of the argument mapping can lead to deserialization. The attack is restricted to local execution. The exploit has...

5.3CVSS5.7AI score0.00122EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 12:31 a.m.4 views

SGLang: Reachable Assertion via  lora_path  in LoRAManager enables remote Denial of Dervice

A security vulnerability has been detected in SGLang 0.5.10.post1. Impacted is an unknown function of the file python/sglang/srt/lora/loramanager.py of the component Inference HTTP Endpoint. Such manipulation of the argument lorapath leads to reachable assertion. The attack can be launched...

6.3CVSS5.1AI score0.00368EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/02 12:31 a.m.3 views

Claw Orchestrator has inefficient regular expression complexity via validateRegex()

A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient...

5.3CVSS5.3AI score0.00354EPSS
Exploits0References11Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:30 p.m.4 views

Claw Orchestrator is missing authentication for the component API Endpoint

A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made...

7.5CVSS6.5AI score0.0041EPSS
Exploits0References10Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:30 p.m.4 views

Spring Cloud Function Context: Uncontrolled Recursion is possible while attempting to add infinite amount of functions to Function Registry

OOM error is possible while attempting to add infinite amount of functions to Function Registry. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:30 p.m.3 views

Spring Cloud Function Context has Uncontrolled Recursion

Under infinite recursion in the routing layer, request-handling can cause OOM error. Affected Spring Products and Versions: Spring Cloud Function 3.2.x: versions prior to 3.2.16 Spring Cloud Function 4.1.x: versions prior to 4.1.10 Spring Cloud Function 4.2.x: versions prior to 4.2.6 Spring Cloud...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 6:31 p.m.4 views

pip: Path traversal in console_scripts/gui_scripts entry point names allows installing scripts outside of target directory

pip would treat consolescripts and guiscripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory...

8CVSS7.1AI score0.0032EPSS
Exploits0References36Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 3:30 p.m.6 views

Logback vulnerable to Object Injection through HardenedObjectInputStream modules

Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core HardenedObjectInputStream logback-core modules allows Object Injection, albeit heavily restricted. More precisely, an attacker able to influence serialized data sent to SimpleSocketServer or SimpleSSLSocketServer...

6.3CVSS6.6AI score0.00342EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:26 p.m.16 views

kas checks out SHA-like git branches as valid commits

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

5.7AI score0.00018EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:24 p.m.16 views

praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...

5.8AI score0.00041EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:24 p.m.21 views

praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/issues/issueid gate access on requireworkspacememberworkspaceid only, then resolve issueid through IssueService.getissueid which is a primary-key lookup with no workspace...

5.8AI score0.00043EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:23 p.m.16 views

praisonai-platform: Any workspace member can add arbitrary user as owner via POST /workspaces/{id}/members

Summary Type: Privilege escalation / cross-tenant member injection. The POST /workspaces/workspaceid/members endpoint is gated only by requireworkspacememberworkspaceid default minrole="member" and forwards the request body's userid and role straight into MemberService.addworkspaceid, userid, rol...

5.8AI score0.00031EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:23 p.m.17 views

praisonai-platform: Any workspace member can rewrite workspace name, description, and settings via PATCH /workspaces/{id}

Summary Type: Authorization bypass enabling workspace metadata + settings tampering. The PATCH /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member can rewrite the workspace's name, description, and the settings JSON blob. The...

6AI score0.00029EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:19 p.m.18 views

praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspaceid/issues/issueid/comments and GET .../comments gate access on requireworkspacememberworkspaceid only, then call CommentService.createissueid=issueid, ... and CommentService.listforissueissueid without...

5.9AI score0.00032EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:17 p.m.17 views

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

5.8AI score0.00032EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:15 p.m.20 views

rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...

5.9AI score0.00058EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2026/06/01 2:12 p.m.43 views

Vitest browser mode serves unsanitized otelCarrier query parameter as inline script

Summary Vitest browser mode served /vitesttest/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vitest...

6.1AI score0.0005EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:9 p.m.19 views

When Vitest UI server is listening, arbitrary file can be read and executed

Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact Only users that match either of the following conditions are affected: - explicitly exposes the Vitest UI server to the network using --api.host or api.host config opti...

6.4AI score0.00232EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:7 p.m.158 views

DOMPurify XSS via selectedcontent re-clone

Summary DOMPurify 3.4.4 allows selectedcontent by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively bypassing DOMPurify. Details The chain is as follows: 1. The browser parses the input and creates a clone from the selected 2. DOMPurify walks an...

5.8AI score0.00035EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 2:5 p.m.17 views

Nezha's authenticated agents can forge service-monitor results for other users' services

Summary Nezha accepts service-monitor TaskResult messages from an authenticated agent based only on whether the reported service ID exists. The dashboard authenticates the agent and derives the reporter server ID from the gRPC stream, but the service-monitor result worker does not verify that the...

7.1CVSS5.8AI score0.00266EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 1:58 p.m.28 views

@agenticmail/mcp Missing Authentication for Critical Function

AgenticMail MCP HTTP authorization bypass Summary @agenticmail/mcp exposes a Streamable HTTP transport when started with --http or MCPHTTP=1. In that mode, the /mcp endpoint accepts requests without any HTTP authentication layer. A remote client can initialize a session and call tools directly. T...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References8Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 12:30 p.m.3 views

Apache Fesod is vulnerable to Server-Side Request Forgery through its UrlImageConverter component

Server-Side Request Forgery SSRF in the UrlImageConverter component of Apache Fesod Incubating fesod-sheet before 2.0.2-incubating allows attackers to cause outbound network requests to internal or otherwise restricted resources via a user-supplied image URL. Users are recommended to upgrade to...

5.3CVSS5.9AI score0.00502EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.3 views

Apache MINA SSHD bundle sshd-git has a path traversal vulnerability

There is a path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are...

7.1CVSS6AI score0.00527EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.3 views

Apache ActiveMQ has an Incorrect Default Permissions vulnerability

Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6. The default Jolokia authorization settings granted non-admin low-privilege web-login accounts access to Jolokia operations which allowed executing broker...

8.8CVSS5.9AI score0.00424EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.2 views

Apache Airflow has an Authorization Bypass Through User-Controlled Key

The Event Log detail endpoint GET /api/v2/eventLogs/eventlogid in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission check, while the collection endpoint GET /api/v2/eventLogs applied per-Dag scoping. An authenticated UI/API user with audit-lo...

4.3CVSS6AI score0.00352EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.3 views

Apache ActiveMQ server has an incomplete authorization workflow

Incomplete authorization by Apache ActiveMQ server before versions v6.2.6 and v5.19.7 allows authenticated connections to remove existing destinations with proper permissions. This issue affects Apache ActiveMQ Broker: before 5.19.7, from 6.0.0 before 6.2.6; Apache ActiveMQ All: before 5.19.7, fr...

4.3CVSS5.9AI score0.00335EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.4 views

Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All have an Exposure of Sensitive Information Through Metadata vulnerability

Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...

5.9CVSS6AI score0.00328EPSS
Exploits0References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.3 views

Apache Airflow has no certificate validation on SMTP STARTTLS connections

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9CVSS6.1AI score0.00185EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.5 views

Apache Airflow: Execution API JWT leaked via KubernetesExecutor worker command-line args

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

8.8CVSS6AI score0.00489EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.2 views

Apache Fluss: Unauthenticated remote attackers can exhaust JVM heap memory using crafted frame headers via TabletServer/CoordinatorServer

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

7.5CVSS6AI score0.0058EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.3 views

Apache Airflow: Auth manager doesn't invalidate JWT tokens after users click logout

A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for FabAuthManager and KeycloakAuthManager did not actually reach the underlying revoketoken call, so the JWT remained accepted by the API server...

6.5CVSS6AI score0.00382EPSS
Exploits0References6Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.3 views

Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ have a Code Injection issue

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesized discovery wrappers such as masterslave:vm://...,... and static:vm://... incorrectly pass validation allowing bypass o...

8.8CVSS6.8AI score0.96666EPSS
Exploits13References4Affected Software3
Github Security Blog
Github Security Blog
added 2026/06/01 9:31 a.m.6 views

Apache Airflow Vulnerable to Deserialization of Untrusted Data

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS6.1AI score0.00651EPSS
Exploits0References6Affected Software1
Total number of security vulnerabilities33225