airflow-3 | Snyk

Direct Vulnerabilities

Known vulnerabilities in the airflow-3 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Improper Encoding or Escaping of Output	*
L Improper Validation of Certificate with Host Mismatch	*
H Improper Output Neutralization for Logs	*
L GHSA-v4p8-mg3p-g94g	*
L GHSA-r75f-5x8p-qvmc	*
L GHSA-xqmj-j6mv-4862	*
L CVE-2026-41486	<3.2.1-r0
L Exposure of Resource to Wrong Sphere	<3.2.0-r0
L Exposure of Resource to Wrong Sphere	<3.2.0-r0
L Incorrect Authorization	<3.2.0-r0
H Directory Traversal	<3.2.1-r0
M HTTP Response Splitting	<3.2.1-r0
L Resource Exhaustion	<3.2.1-r0
L XML External Entity (XXE) Injection	*
L Allocation of Resources Without Limits or Throttling	<3.2.1-r0
L Resource Exhaustion	<3.2.1-r0
L Cross-site Request Forgery (CSRF)	<3.2.1-r0
L Link Following	<3.1.8-r0
L Resource Exhaustion	<3.2.1-r0
M HTTP Response Splitting	<3.2.1-r0
M Improper Input Validation	<3.2.1-r0
H Allocation of Resources Without Limits or Throttling	<3.2.1-r0
H Directory Traversal	<3.2.1-r0
M Allocation of Resources Without Limits or Throttling	<3.2.1-r0
L HTTP Response Splitting	<3.2.1-r0
C Out-of-Bounds	<3.2.1-r0
L Deserialization of Untrusted Data	<3.2.0-r0
M Information Exposure	<3.2.1-r0
L Information Exposure Through Log Files	<3.2.0-r0
L Arbitrary Code Injection	<3.2.0-r0
L CVE-2026-25219	<3.1.8-r0
L Deserialization of Untrusted Data	<3.2.0-r0
L Information Exposure Through Log Files	<3.2.0-r0
L Insufficient Session Expiration	<3.2.0-r0
L Exposure of Resource to Wrong Sphere	<3.2.0-r0
M Insecure Temporary File	<3.2.0-r0
M Improper Certificate Validation	<3.2.0-r0
M Failure to Sanitize Special Element	<3.2.0-r0
H Resource Exhaustion	<3.2.0-r0
L Uncontrolled Recursion	<3.2.0-r0
L Insufficient Verification of Data Authenticity	<3.2.0-r0
C Buffer Overflow	<3.2.0-r0
M Not Failing Securely ('Failing Open')	<3.2.0-r0
L GHSA-78cv-mqj4-43f7	<3.2.0-r0
L GHSA-72hv-8253-57qq	<3.2.1-r0
L Missing Authorization	<3.1.8-r0
M Incorrect Permission Assignment for Critical Resource	<3.1.8-r0
L Exposure of Resource to Wrong Sphere	<3.1.8-r0
L Incorrect Permission Assignment for Critical Resource	<3.1.8-r0
M Information Exposure	<3.1.8-r0
L Improper Verification of Cryptographic Signature	<3.1.8-r0
H Improper Validation of Integrity Check Value	<3.1.8-r0
L Origin Validation Error	<3.1.8-r0
C Improper Verification of Cryptographic Signature	<3.1.8-r0
L Improper Control of Dynamically-Managed Code Resources	<3.1.8-r0
M Improper Handling of Windows Device Names	<3.2.0-r0
M Declaration of Catch for Generic Exception	<3.2.0-r0
M Information Exposure Through Caching	<3.2.1-r0
L Information Exposure	<3.1.5-r0
L CVE-2026-2473	<3.1.7-r0
L CVE-2026-2472	<3.1.6-r0
M CVE-2026-26007	<3.2.0-r0
L Incorrect Use of Privileged APIs	<3.1.7-r0
L GHSA-27jp-wm6q-gp25	<3.1.4-r0
L Information Exposure	<3.1.7-r0
H CVE-2026-0994	<3.2.0-r0
H Directory Traversal	<3.1.7-r0
M Directory Traversal	<3.1.7-r0
L Directory Traversal	<3.1.7-r0
L Allocation of Resources Without Limits or Throttling	<3.1.7-r0
M Improper Handling of Windows Device Names	<3.2.0-r0
L Link Following	<3.1.7-r0
H Deserialization of Untrusted Data	<3.1.7-r0
M Logging of Excessive Data	<3.2.0-r0
M Allocation of Resources Without Limits or Throttling	<3.2.0-r0
L Improper Handling of Highly Compressed Data (Data Amplification)	<3.2.0-r0
H Loop with Unreachable Exit Condition ('Infinite Loop')	<3.2.0-r0
M Directory Traversal	<3.2.0-r0
M HTTP Request Smuggling	<3.2.0-r0
M HTTP Request Smuggling	<3.2.0-r0
H Allocation of Resources Without Limits or Throttling	<3.2.0-r0
L Information Exposure Through Log Files	<3.1.6-r0
L Information Exposure	<3.1.6-r0
M Improper Certificate Validation	<3.2.0-r0
L Asymmetric Resource Consumption (Amplification)	<3.1.6-r0
L Incomplete Blacklist	<3.1.6-r0
H Improper Handling of Highly Compressed Data (Data Amplification)	<3.1.6-r0
H Cross-site Request Forgery (CSRF)	<3.1.5-r0
M Link Following	<3.1.6-r0
M Information Exposure	<3.1.4-r0
H Improper Handling of Highly Compressed Data (Data Amplification)	<3.1.5-r0
H Allocation of Resources Without Limits or Throttling	<3.1.5-r0
L Insecure Default Initialization of Resource	<3.2.0-r0
M Improper Handling of Windows Device Names	<3.2.0-r0
L Arbitrary Code Injection	<3.2.0-r0
H HTTP Request Smuggling	<3.2.0-r0
L Algorithmic Complexity	<3.2.0-r0
M Directory Traversal	<3.2.0-r0
H Resource Exhaustion	<3.2.0-r0
L Uncontrolled Recursion	<3.2.0-r0
L CVE-2024-34069	<3.2.0-r0
H Out-of-bounds Write	<3.2.0-r0
L Execution with Unnecessary Privileges	<3.1.1-r0
L Execution with Unnecessary Privileges	<3.1.1-r0
L Improper Authentication	<3.1.1-r0
L External Control of File Name or Path	<3.1.1-r0

Vulnerability

Vulnerable Version

Improper Encoding or Escaping of Output