apache-airflow vulnerabilities

Programmatically author, schedule and monitor data pipelines

  • latest version

    3.1.0

  • latest non vulnerable version

  • first published

    8 years ago

  • latest version published

    6 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the apache-airflow package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Insertion of Sensitive Information into Log File

    [,2.10.3rc1)
    • M
    Uninitialized Memory Exposure

    [,2.10.3)
    • H
    Execution with Unnecessary Privileges

    [,2.10.1)
    • H
    Improper Encoding or Escaping of Output

    [,2.10.1)
    • M
    Cross-site Scripting (XSS)

    [,2.10.0)
    • M
    Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

    [,2.9.3)
    • H
    Improper Control of Generation of Code ('Code Injection')

    [2.4.0,2.9.3)
    • M
    Use of Web Browser Cache Containing Sensitive Information

    [,2.9.2)
    • M
    Cross-site Scripting (XSS)

    [2.9.0,2.9.1)
    • H
    Improper Certificate Validation

    [,2.9.0b1)
    • M
    Information Exposure

    [2.7.0,2.9.0)
    • H
    Arbitrary Code Execution

    [,1.9.0)
    • M
    Improper Preservation of Permissions

    [2.8.2,2.8.4)
    • M
    Incorrect Privilege Assignment

    [2.8.0,2.8.3rc1)
    • M
    Incorrect Default Permissions

    [,2.8.2rc1)
    • M
    Exposure of Resource to Wrong Sphere

    [,2.8.2)
    • M
    Improper Authorization

    [,2.6.3)
    • M
    Deserialization of Untrusted Data

    [,2.8.1)
    • M
    Missing Authorization

    [,2.8.1)
    • M
    Insertion of Sensitive Information into Log File

    [2.3.0,2.6.1)
    • M
    Denial of Service (DoS)

    [,2.6.3)
    • M
    Cross-site Request Forgery (CSRF)

    [2.7.0,2.8.0)
    • M
    Improper Access Control

    [,2.8.0b1)
    • M
    Cross-site Scripting (XSS)

    [2.6.0,2.8.0b1)
    • M
    Improper Access Control

    [,2.8.0b1)
    • M
    Incorrect Authorization

    [,2.7.3)
    • M
    Improper Access Control

    [,2.7.3)
    • M
    Information Exposure

    [2.4.0,2.7.0b1)
    • M
    Information Exposure

    [2.7.0,2.7.2)
    • M
    Improper Access Control

    [,2.7.2)
    • M
    Improper Access Control

    [,2.7.2)
    • M
    Information Exposure

    [,2.7.2)
    • M
    Insecure Defaults

    [,2.7.0)
    • M
    Incorrect Authorization

    [,2.7.3)
    • M
    Information Exposure

    [,2.7.1)
    • M
    Cross-site Scripting (XSS)

    [,1.9.0)
    • H
    Denial of Service (DoS)

    [,2.7.0)
    • M
    Improper Certificate Validation

    [,2.7.0)
    • H
    Session Fixation

    [,2.7.0)
    • H
    Execution with Unnecessary Privileges

    [,2.6.0b1)
    • M
    Improper Input Validation

    [,2.6.3)
    • M
    Incorrect Authorization

    [,2.6.3)
    • M
    Directory Traversal

    [,2.6.3)
    • M
    Information Exposure

    [,2.6.3)
    • L
    Information Exposure

    [2.5.0,2.6.2)
    • M
    Privilege Escalation

    [,2.6.0)
    • M
    Cross-site Scripting (XSS)

    [,2.6.0)
    • M
    Information Exposure

    [,2.5.2)
    • C
    Command Injection

    [,2.5.1)
    • M
    Open Redirect

    [,2.4.3)
    • M
    Information Exposure

    [,2.3.1)
    • M
    Command Injection

    [,2.4.0)
    • M
    Open Redirect

    [,2.4.2)
    • M
    Cross-site Scripting (XSS)

    [,2.4.2)
    • M
    Access Restriction Bypass

    [,2.4.1)
    • M
    Information Exposure

    [2.3.0,2.3.4)
    • M
    Open Redirect

    [2.3.0,2.4.0)
    • M
    Session Fixation

    [2.2.4,2.3.4)
    • M
    Information Exposure

    [,2.3.4)
    • M
    Cross-site Scripting (XSS)

    [,2.2.4)
    • H
    Command Injection

    [,2.2.4)
    • M
    Improper Access Control

    [,2.2.0)
    • H
    Improper Authentication

    [2.0.0,2.1.3)
    • M
    Information Exposure

    [,2.1.2)
    • M
    Cross-site Scripting (XSS)

    [,1.10.15)[2.0.0b1,2.0.2)
    • M
    Privilege Escalation

    [,2.0.1)
    • M
    Improper Authentication

    [2.0.0,2.0.1rc1)
    • M
    Improper Authentication

    [,1.10.14)
    • M
    Server-Side Request Forgery (SSRF)

    [,1.10.13)
    • H
    Credential Exposure

    [,1.10.13)
    • M
    Cross-site Scripting (XSS)

    [,2.0.2)
    • M
    Insecure Defaults

    [,1.10.11)
    • H
    Cross-site Scripting (XSS)

    [,1.10.12)
    • H
    Cross-site Scripting (XSS)

    [0,1.10.11)
    • H
    Cross-site Scripting (XSS)

    [0,1.10.11)
    • H
    Remote Code Execution (RCE)

    [0,1.10.11)
    • H
    Insecure Default

    [0,1.10.11)
    • H
    Command Injection

    [0,1.10.11)
    • M
    Cross-site Scripting (XSS)

    [,1.10.5)
    • H
    Arbitrary Code Execution

    [,1.10.6)
    • M
    Information Exposure

    [,1.10.5)
    • M
    Cross-site Request Forgery (CSRF)

    [,1.10.3)
    • M
    Cross-site Scripting (XSS)

    [,1.10.3)
    • M
    Cross-site Scripting (XSS)

    [,1.10.2)
    • H
    Improper Certificate Validation

    [,1.10.1)
    • M
    Information Exposure

    [1.8.2,1.9.0)
    • M
    Cross-site Scripting (XSS)

    [,1.9.0)
    • M
    Arbitrary Code Execution

    [,1.9.0)
    • M
    Cross-site Scripting (XSS)

    [1.6.0,1.9.0)
    • M
    Cross-site Request Forgery (CSRF)

    [,1.9.0)

    Package versions

    251 VERSIONS IN TOTAL See all versions
    versionpublisheddirect vulnerabilities
    3.1.025 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0rc223 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0rc119 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0b215 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.1.0b19 Sep, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.629 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.6rc226 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.6rc122 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.520 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L
    3.0.5rc318 Aug, 2025
    • 0
      C
    • 0
      H
    • 0
      M
    • 0
      L