Homepage

airflow vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the airflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2025-5279

<2.11.0-r1
  • L
GHSA-r244-wg5g-6w2r

<2.11.0-r1
  • L
Allocation of Resources Without Limits or Throttling

<2.10.5-r44
  • L
GHSA-7cx3-6m66-7c5m

<2.10.5-r44
  • L
GHSA-vqfr-h8mv-ghfj

<2.10.5-r43
  • L
HTTP Request Smuggling

<2.10.5-r43
  • L
GHSA-hhm6-jjf4-6pm3

<2.10.5-r3
  • L
SQL Injection

<2.10.5-r3
  • L
CVE-2024-12797

<2.10.5-r1
  • L
GHSA-79v4-65xg-pq4g

<2.10.5-r1
  • L
GHSA-r2x6-cjg7-8r43

<2.10.5-r0
  • L
Deserialization of Untrusted Data

<2.10.5-r0
  • L
GHSA-m4f6-vcj4-w5mx

<2.10.5-r0
  • L
Incorrect Default Permissions

<2.10.5-r0
  • L
SQL Injection

<2.10.5-r0
  • L
GHSA-2vpq-fh52-j3wv

<2.10.5-r0
  • L
Insufficient Session Expiration

<2.10.4-r2
  • L
GHSA-8863-4qmg-fr45

<2.10.4-r2
  • L
CVE-2024-12745

<2.10.4-r2
  • L
GHSA-q2x7-8rv6-6q7h

<2.10.4-r2
  • L
GHSA-gmj6-6f8f-6699

<2.10.4-r2
  • L
GHSA-8gc2-vq6m-rwjw

<2.10.4-r2
  • H
Improper Neutralization

<2.10.4-r2
  • L
Protection Mechanism Failure

<2.10.4-r2
  • M
Information Exposure Through Log Files

<2.10.2-r1
  • L
GHSA-5vvg-pvhp-hv2m

<2.10.2-r1
  • L
GHSA-hgjp-83m4-h4fj

<2.10.2-r1
  • H
CVE-2024-21272

<2.10.2-r1
  • L
Missing Release of Resource after Effective Lifetime

<2.10.3-r2
  • L
Resource Exhaustion

<2.10.3-r2
  • H
CVE-2024-52304

<2.10.3-r2
  • L
GHSA-8w49-h785-mj3c

<2.10.3-r2
  • L
GHSA-8495-4g3g-x7pr

<2.10.3-r2
  • L
GHSA-27mf-ghqm-j3j8

<2.10.3-r2
  • L
GHSA-j857-2pwm-jjmm

<2.10.3-r0
  • L
Information Exposure

<2.10.3-r0
  • M
CVE-2024-45314

<2.10.3-r0
  • L
GHSA-fw5r-6m3x-rh7p

<2.10.3-r0
  • L
GHSA-92xg-gmrq-5c3w

<2.10.1-r0
  • L
GHSA-c392-whpc-vfpr

<2.10.1-r0
  • L
Improper Encoding or Escaping of Output

<2.10.1-r0
  • L
CVE-2024-45034

<2.10.1-r0
  • L
GHSA-h4gh-qq45-vh27

<2.10.0-r0
  • L
GHSA-w7cp-g8v7-r54m

<2.10.0-r0
  • M
Cross-site Scripting (XSS)

<2.10.0-r0
  • M
CVE-2024-42367

<2.9.3-r2
  • L
GHSA-jwhx-xcg6-8xhj

<2.9.3-r2
  • L
GHSA-62qf-qm3g-fvcw

<2.9.3-r2
  • C
Insufficient Session Expiration

<2.9.3-r2
  • L
Arbitrary Code Injection

<2.9.3-r1
  • L
GHSA-cx63-2mw6-8hw5

<2.9.3-r1
  • L
GHSA-j482-47xf-p25c

<2.9.3-r0
  • M
Cross-site Scripting (XSS)

<2.9.3-r0
  • H
Arbitrary Code Injection

<2.9.3-r0
  • L
GHSA-g5hv-r743-v8pm

<2.9.3-r0
  • H
Insufficient Verification of Data Authenticity

<2.9.2-r2
  • L
GHSA-248v-346w-9cwc

<2.9.2-r2
  • L
GHSA-34jh-p97f-mpxf

<2.9.2-r1
  • L
CVE-2024-37891

<2.9.2-r1
  • L
GHSA-9xpj-62mm-24h2

<2.9.2-r0
  • M
CVE-2024-25142

<2.9.2-r0
  • M
Race Condition

<2.9.2-r0
  • L
GHSA-w235-7p84-xx57

<2.9.2-r0
  • L
GHSA-m5vv-6r4h-3vj9

<2.9.2-r0
  • L
GHSA-753j-mpmx-qq6g

<2.9.2-r0
  • H
Out-of-bounds Write

<2.9.1-r1
  • L
GHSA-hrfv-mqp8-q5rw

<2.9.1-r1
  • L
GHSA-9wx4-h78v-vm56

<2.9.1-r1
  • H
Information Exposure

<2.9.1-r1
  • H
NULL Pointer Dereference

<2.9.1-r1
  • M
CVE-2024-0727

<2.9.1-r1
  • L
GHSA-9v9h-cgj8-h64p

<2.9.1-r1
  • L
GHSA-6vqw-3v5j-54x4

<2.9.1-r1
  • L
GHSA-3ww4-gg4f-jr7f

<2.9.1-r1
  • L
CVE-2024-35195

<2.9.1-r1