apache-airflow vulnerabilities

Programmatically author, schedule and monitor data pipelines

  • latest version

    3.1.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    27 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the apache-airflow package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insertion of Sensitive Information into Log File

    [,2.10.3rc1)
    • M
    Uninitialized Memory Exposure

    [,2.10.3)
    • H
    Execution with Unnecessary Privileges

    [,2.10.1)
    • H
    Improper Encoding or Escaping of Output

    [,2.10.1)
    • M
    Cross-site Scripting (XSS)

    [,2.10.0)
    • M
    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

    [,2.9.3)
    • H
    Improper Control of Generation of Code ('Code Injection')

    [2.4.0,2.9.3)
    • M
    Use of Web Browser Cache Containing Sensitive Information

    [,2.9.2)
    • M
    Cross-site Scripting (XSS)

    [2.9.0,2.9.1)
    • H
    Improper Certificate Validation

    [,2.9.0b1)
    • M
    Information Exposure

    [2.7.0,2.9.0)
    • H
    Arbitrary Code Execution

    [,1.9.0)
    • M
    Improper Preservation of Permissions

    [2.8.2,2.8.4)
    • M
    Incorrect Privilege Assignment

    [2.8.0,2.8.3rc1)
    • M
    Incorrect Default Permissions

    [,2.8.2rc1)
    • M
    Exposure of Resource to Wrong Sphere

    [,2.8.2)
    • M
    Improper Authorization

    [,2.6.3)
    • M
    Deserialization of Untrusted Data

    [,2.8.1)
    • M
    Missing Authorization

    [,2.8.1)
    • M
    Insertion of Sensitive Information into Log File

    [2.3.0,2.6.1)
    • M
    Denial of Service (DoS)

    [,2.6.3)
    • M
    Cross-site Request Forgery (CSRF)

    [2.7.0,2.8.0)
    • M
    Improper Access Control

    [,2.8.0b1)
    • M
    Cross-site Scripting (XSS)

    [2.6.0,2.8.0b1)
    • M
    Improper Access Control

    [,2.8.0b1)
    • M
    Incorrect Authorization

    [,2.7.3)
    • M
    Improper Access Control

    [,2.7.3)
    • M
    Information Exposure

    [2.4.0,2.7.0b1)
    • M
    Information Exposure

    [2.7.0,2.7.2)
    • M
    Improper Access Control

    [,2.7.2)
    • M
    Improper Access Control

    [,2.7.2)
    • M
    Information Exposure

    [,2.7.2)
    • M
    Insecure Defaults

    [,2.7.0)
    • M
    Incorrect Authorization

    [,2.7.3)
    • M
    Information Exposure

    [,2.7.1)
    • M
    Cross-site Scripting (XSS)

    [,1.9.0)
    • H
    Denial of Service (DoS)

    [,2.7.0)
    • M
    Improper Certificate Validation

    [,2.7.0)
    • H
    Session Fixation

    [,2.7.0)
    • H
    Execution with Unnecessary Privileges

    [,2.6.0b1)
    • M
    Improper Input Validation

    [,2.6.3)
    • M
    Incorrect Authorization

    [,2.6.3)
    • M
    Directory Traversal

    [,2.6.3)
    • M
    Information Exposure

    [,2.6.3)
    • L
    Information Exposure

    [2.5.0,2.6.2)
    • M
    Privilege Escalation

    [,2.6.0)
    • M
    Cross-site Scripting (XSS)

    [,2.6.0)
    • M
    Information Exposure

    [,2.5.2)
    • C
    Command Injection

    [,2.5.1)
    • M
    Open Redirect

    [,2.4.3)
    • M
    Information Exposure

    [,2.3.1)
    • M
    Command Injection

    [,2.4.0)
    • M
    Open Redirect

    [,2.4.2)
    • M
    Cross-site Scripting (XSS)

    [,2.4.2)
    • M
    Access Restriction Bypass

    [,2.4.1)
    • M
    Information Exposure

    [2.3.0,2.3.4)
    • M
    Open Redirect

    [2.3.0,2.4.0)
    • M
    Session Fixation

    [2.2.4,2.3.4)
    • M
    Information Exposure

    [,2.3.4)
    • M
    Cross-site Scripting (XSS)

    [,2.2.4)
    • H
    Command Injection

    [,2.2.4)
    • M
    Improper Access Control

    [,2.2.0)
    • H
    Improper Authentication

    [2.0.0,2.1.3)
    • M
    Information Exposure

    [,2.1.2)
    • M
    Cross-site Scripting (XSS)

    [,1.10.15)[2.0.0b1,2.0.2)
    • M
    Privilege Escalation

    [,2.0.1)
    • M
    Improper Authentication

    [2.0.0,2.0.1rc1)
    • M
    Improper Authentication

    [,1.10.14)
    • M
    Server-Side Request Forgery (SSRF)

    [,1.10.13)
    • H
    Credential Exposure

    [,1.10.13)
    • M
    Cross-site Scripting (XSS)

    [,2.0.2)
    • M
    Insecure Defaults

    [,1.10.11)
    • H
    Cross-site Scripting (XSS)

    [,1.10.12)
    • H
    Cross-site Scripting (XSS)

    [0,1.10.11)
    • H
    Cross-site Scripting (XSS)

    [0,1.10.11)
    • H
    Remote Code Execution (RCE)

    [0,1.10.11)
    • H
    Command Injection

    [0,1.10.11)
    • H
    Insecure Default

    [0,1.10.11)
    • M
    Cross-site Scripting (XSS)

    [,1.10.5)
    • H
    Arbitrary Code Execution

    [,1.10.6)
    • M
    Information Exposure

    [,1.10.5)
    • M
    Cross-site Request Forgery (CSRF)

    [,1.10.3)
    • M
    Cross-site Scripting (XSS)

    [,1.10.3)
    • M
    Cross-site Scripting (XSS)

    [,1.10.2)
    • H
    Improper Certificate Validation

    [,1.10.1)
    • M
    Information Exposure

    [1.8.2,1.9.0)
    • M
    Cross-site Scripting (XSS)

    [,1.9.0)
    • M
    Arbitrary Code Execution

    [,1.9.0)
    • M
    Cross-site Scripting (XSS)

    [1.6.0,1.9.0)
    • M
    Cross-site Request Forgery (CSRF)

    [,1.9.0)

    Package versions

    252 VERSIONS IN TOTAL See all versions
    versionpublisheddirect vulnerabilities
    3.1.1rc122 Oct, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.025 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0rc223 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0rc119 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0b215 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0b19 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.629 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.6rc226 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.6rc122 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.520 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L