apache-airflow vulnerabilities

Programmatically author, schedule and monitor data pipelines

latest version

3.1.0

latest non vulnerable version

first published

8 years ago

latest version published

27 days ago

licenses detected

Apache-2.0
[0,)

View apache-airflow package health on Snyk Advisor (opens in a new tab)

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the apache-airflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Insertion of Sensitive Information into Log File	[,2.10.3rc1)
M Uninitialized Memory Exposure	[,2.10.3)
H Execution with Unnecessary Privileges	[,2.10.1)
H Improper Encoding or Escaping of Output	[,2.10.1)
M Cross-site Scripting (XSS)	[,2.10.0)
M Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')	[,2.9.3)
H Improper Control of Generation of Code ('Code Injection')	[2.4.0,2.9.3)
M Use of Web Browser Cache Containing Sensitive Information	[,2.9.2)
M Cross-site Scripting (XSS)	[2.9.0,2.9.1)
H Improper Certificate Validation	[,2.9.0b1)
M Information Exposure	[2.7.0,2.9.0)
H Arbitrary Code Execution	[,1.9.0)
M Improper Preservation of Permissions	[2.8.2,2.8.4)
M Incorrect Privilege Assignment	[2.8.0,2.8.3rc1)
M Incorrect Default Permissions	[,2.8.2rc1)
M Exposure of Resource to Wrong Sphere	[,2.8.2)
M Improper Authorization	[,2.6.3)
M Deserialization of Untrusted Data	[,2.8.1)
M Missing Authorization	[,2.8.1)
M Insertion of Sensitive Information into Log File	[2.3.0,2.6.1)
M Denial of Service (DoS)	[,2.6.3)
M Cross-site Request Forgery (CSRF)	[2.7.0,2.8.0)
M Improper Access Control	[,2.8.0b1)
M Cross-site Scripting (XSS)	[2.6.0,2.8.0b1)
M Improper Access Control	[,2.8.0b1)
M Incorrect Authorization	[,2.7.3)
M Improper Access Control	[,2.7.3)
M Information Exposure	[2.4.0,2.7.0b1)
M Information Exposure	[2.7.0,2.7.2)
M Improper Access Control	[,2.7.2)
M Improper Access Control	[,2.7.2)
M Information Exposure	[,2.7.2)
M Insecure Defaults	[,2.7.0)
M Incorrect Authorization	[,2.7.3)
M Information Exposure	[,2.7.1)
M Cross-site Scripting (XSS)	[,1.9.0)
H Denial of Service (DoS)	[,2.7.0)
M Improper Certificate Validation	[,2.7.0)
H Session Fixation	[,2.7.0)
H Execution with Unnecessary Privileges	[,2.6.0b1)
M Improper Input Validation	[,2.6.3)
M Incorrect Authorization	[,2.6.3)
M Directory Traversal	[,2.6.3)
M Information Exposure	[,2.6.3)
L Information Exposure	[2.5.0,2.6.2)
M Privilege Escalation	[,2.6.0)
M Cross-site Scripting (XSS)	[,2.6.0)
M Information Exposure	[,2.5.2)
C Command Injection	[,2.5.1)
M Open Redirect	[,2.4.3)
M Information Exposure	[,2.3.1)
M Command Injection	[,2.4.0)
M Open Redirect	[,2.4.2)
M Cross-site Scripting (XSS)	[,2.4.2)
M Access Restriction Bypass	[,2.4.1)
M Information Exposure	[2.3.0,2.3.4)
M Open Redirect	[2.3.0,2.4.0)
M Session Fixation	[2.2.4,2.3.4)
M Information Exposure	[,2.3.4)
M Cross-site Scripting (XSS)	[,2.2.4)
H Command Injection	[,2.2.4)
M Improper Access Control	[,2.2.0)
H Improper Authentication	[2.0.0,2.1.3)
M Information Exposure	[,2.1.2)
M Cross-site Scripting (XSS)	[,1.10.15)[2.0.0b1,2.0.2)
M Privilege Escalation	[,2.0.1)
M Improper Authentication	[2.0.0,2.0.1rc1)
M Improper Authentication	[,1.10.14)
M Server-Side Request Forgery (SSRF)	[,1.10.13)
H Credential Exposure	[,1.10.13)
M Cross-site Scripting (XSS)	[,2.0.2)
M Insecure Defaults	[,1.10.11)
H Cross-site Scripting (XSS)	[,1.10.12)
H Cross-site Scripting (XSS)	[0,1.10.11)
H Cross-site Scripting (XSS)	[0,1.10.11)
H Remote Code Execution (RCE)	[0,1.10.11)
H Command Injection	[0,1.10.11)
H Insecure Default	[0,1.10.11)
M Cross-site Scripting (XSS)	[,1.10.5)
H Arbitrary Code Execution	[,1.10.6)
M Information Exposure	[,1.10.5)
M Cross-site Request Forgery (CSRF)	[,1.10.3)
M Cross-site Scripting (XSS)	[,1.10.3)
M Cross-site Scripting (XSS)	[,1.10.2)
H Improper Certificate Validation	[,1.10.1)
M Information Exposure	[1.8.2,1.9.0)
M Cross-site Scripting (XSS)	[,1.9.0)
M Arbitrary Code Execution	[,1.9.0)
M Cross-site Scripting (XSS)	[1.6.0,1.9.0)
M Cross-site Request Forgery (CSRF)	[,1.9.0)

Package versions

252 VERSIONS IN TOTAL See all versions

version	published	direct vulnerabilities
3.1.1rc1	22 Oct, 2025	0 C 0 H 0 M 0 L
3.1.0	25 Sep, 2025	0 C 0 H 0 M 0 L
3.1.0rc2	23 Sep, 2025	0 C 0 H 0 M 0 L
3.1.0rc1	19 Sep, 2025	0 C 0 H 0 M 0 L
3.1.0b2	15 Sep, 2025	0 C 0 H 0 M 0 L
3.1.0b1	9 Sep, 2025	0 C 0 H 0 M 0 L
3.0.6	29 Aug, 2025	0 C 0 H 0 M 0 L
3.0.6rc2	26 Aug, 2025	0 C 0 H 0 M 0 L
3.0.6rc1	22 Aug, 2025	0 C 0 H 0 M 0 L
3.0.5	20 Aug, 2025	0 C 0 H 0 M 0 L