GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
68 advisories
OS Command Injection in Apache Airflow
Critical
CVE-2022-38649
was published
for
apache-airflow
(pip)
Nov 22, 2022
Apache Airflow missing Certificate Validation
Moderate
CVE-2023-39441
was published
for
apache-airflow
(pip)
Aug 23, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Django vulnerable to Reflected File Download attack
High
CVE-2022-36359
was published
for
Django
(pip)
Aug 11, 2022
Apache Airflow Contains Open Redirect
Moderate
CVE-2022-45402
was published
for
apache-airflow
(pip)
Nov 15, 2022
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate
CVE-2023-42780
was published
for
apache-airflow
(pip)
Oct 14, 2023
Improper Certificate Validation in Apache Airflow
High
CVE-2018-20245
was published
for
apache-airflow
(pip)
Jan 25, 2019
Improper Input Validation in Apache Airflow resulting in Remote Code Execution
High
CVE-2017-15720
was published
for
apache-airflow
(pip)
Jan 25, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2018-20244
was published
for
apache-airflow
(pip)
Mar 6, 2019
Authentication bypass in Apache Airflow
Critical
CVE-2020-13927
was published
for
apache-airflow
(pip)
Apr 30, 2021
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944
Moderate
CVE-2020-17515
was published
for
apache-airflow
(pip)
Apr 20, 2021
Apache Airflow vulnerable to XSS and local file disclosure
Moderate
CVE-2019-12417
was published
for
airflow
(pip)
Nov 22, 2019
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
Apache Airflow vulnerable to Use of Externally-Controlled Format String
High
CVE-2022-40604
was published
for
apache-airflow
(pip)
Sep 22, 2022
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
Insecure default config of Celery worker in Apache Airflow
Critical
CVE-2020-11982
was published
for
apache-airflow
(pip)
Jul 27, 2020
Remote code execution (RCE) in Apache Airflow
High
CVE-2020-11978
was published
for
apache-airflow
(pip)
Jul 27, 2020
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Cross-Site Request Forgery (CSRF) in Apache Airflow
High
CVE-2017-17835
was published
for
apache-airflow
(pip)
Jan 25, 2019
Apache Airflow exposes arbitrary file content
Moderate
CVE-2022-38170
was published
for
apache-airflow
(pip)
Sep 3, 2022
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
ProTip!
Advisories are also available from the
GraphQL API