airflow

Direct Vulnerabilities

Known vulnerabilities in the airflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
L CVE-2025-5279	<2.11.0-r1
L Allocation of Resources Without Limits or Throttling	<2.10.5-r44
L HTTP Request Smuggling	<2.10.5-r43
L SQL Injection	<2.10.5-r3
L CVE-2024-12797	<2.10.5-r1
L Deserialization of Untrusted Data	<2.10.5-r0
L Incorrect Default Permissions	<2.10.5-r0
L SQL Injection	<2.10.5-r0
L Insufficient Session Expiration	<2.10.4-r2
L CVE-2024-12745	<2.10.4-r2
H Improper Neutralization	<2.10.4-r2
L Protection Mechanism Failure	<2.10.4-r2
M Information Exposure Through Log Files	<2.10.2-r1
H CVE-2024-21272	<2.10.2-r1
L Missing Release of Resource after Effective Lifetime	<2.10.3-r2
L Resource Exhaustion	<2.10.3-r2
H CVE-2024-52304	<2.10.3-r2
L Information Exposure	<2.10.3-r0
M CVE-2024-45314	<2.10.3-r0
L Improper Encoding or Escaping of Output	<2.10.1-r0
L CVE-2024-45034	<2.10.1-r0
M Cross-site Scripting (XSS)	<2.10.0-r0
M CVE-2024-42367	<2.9.3-r2
C Insufficient Session Expiration	<2.9.3-r2
L Arbitrary Code Injection	<2.9.3-r1
M Cross-site Scripting (XSS)	<2.9.3-r0
H Arbitrary Code Injection	<2.9.3-r0
H Insufficient Verification of Data Authenticity	<2.9.2-r2
M CVE-2024-37891	<2.9.2-r1
M CVE-2024-25142	<2.9.2-r0
M Race Condition	<2.9.2-r0
L CVE-2024-35195	<2.9.1-r1