Apache Airflow — Vulnerabilities & Security Advisories 111

All 111 CVE vulnerabilities found in Apache Airflow, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-45784 | Apache Airflow: Sensitive configuration values are not masked in the logs by default | CWE-1295 | 6.5 (AI) | Medium (AI) | 2024-11-15 |
| CVE-2024-50378 | Apache Airflow: Secrets not masked in UI when sensitive variables are set via Airflow cli | CWE-201 | 6.5 | - | 2024-11-08 |
| CVE-2024-45034 | Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes | CWE-250 | 7.8 | - | 2024-09-07 |
| CVE-2024-45498 | Apache Airflow: Command Injection in an example DAG | CWE-116 | 8.8 | - | 2024-09-07 |
| CVE-2024-41937 | Apache Airflow: Stored XSS Vulnerability on provider link | CWE-79 | 6.1 (AI) | Medium (AI) | 2024-08-21 |
| CVE-2024-39877 | Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler | CWE-94 | 8.8 (AI) | High (AI) | 2024-07-17 |
| CVE-2024-39863 | Apache Airflow: Potential XSS Vulnerability | CWE-79 | 5.4 (AI) | Medium (AI) | 2024-07-17 |
| CVE-2024-25142 | Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache | CWE-525 | 7.5 (AI) | High (AI) | 2024-06-14 |
| CVE-2024-32077 | Apache Airflow: XSS vulnerability in Task Instance Log/Log Details | CWE-79 | 7.1 | - | 2024-05-14 |
| CVE-2024-31869 | Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used | CWE-200 | 6.5 | - | 2024-04-18 |
| CVE-2024-29735 | Apache Airflow: Potentially harmful permission changing by log task handler | CWE-281 | 8.1 (AI) | High (AI) | 2024-03-26 |
| CVE-2024-28746 | Apache Airflow: Ignored Airflow Permissions | CWE-281 | 4.3 (AI) | Medium (AI) | 2024-03-14 |
| CVE-2024-26280 | Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs) | CWE-276 | 2.7 | - | 2024-03-01 |
| CVE-2024-27906 | Apache Airflow: Dag Code and Import Error Permissions Ignored | CWE-862 | 4.3 | - | 2024-02-29 |
| CVE-2023-50944 | Apache Airflow: Bypass permission verification to read code of other dags | CWE-862 | 6.5 | - | 2024-01-24 |
| CVE-2023-50943 | Apache Airflow: Potential pickle deserialization vulnerability in XComs | CWE-502 | 8.2 | - | 2024-01-24 |
| CVE-2023-48291 | Apache Airflow: Improper access control to DAG resources | CWE-668 | 4.3 (AI) | Medium (AI) | 2023-12-21 |
| CVE-2023-50783 | Apache Airflow: Improper access control vulnerability on the "varimport" endpoint | CWE-284 | 6.5 (AI) | Medium (AI) | 2023-12-21 |
| CVE-2023-47265 | Apache Airflow: DAG Params alllow to embed unchecked Javascript | CWE-79 | 5.4 (AI) | Medium (AI) | 2023-12-21 |
| CVE-2023-49920 | Apache Airflow: Missing CSRF protection on DAG/trigger | CWE-352 | 8.3 (AI) | High (AI) | 2023-12-21 |
| CVE-2023-42781 | Apache Airflow: Permission verification bypass allows viewing dagruns of other dags | CWE-200 | 4.3 | - | 2023-11-12 |
| CVE-2023-47037 | Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) | CWE-863 | 5.4 | - | 2023-11-12 |
| CVE-2023-46288 | Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set | CWE-200 | 4.3 | - | 2023-10-23 |
| CVE-2023-42663 | Apache Airflow: Bypass permission verification to view task instances of other dags | CWE-200 | 4.3 | - | 2023-10-14 |
| CVE-2023-42792 | Apache Airflow: Improper access control to DAG resources | CWE-668 | 4.3 | - | 2023-10-14 |
| CVE-2023-45348 | Apache Airflow: Configuration information leakage vulnerability | CWE-200 | 4.3 | - | 2023-10-14 |
| CVE-2023-42780 | Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature | CWE-200 | 4.3 | - | 2023-10-14 |
| CVE-2023-40712 | Apache Airflow: Secrets can be unmasked in the "Rendered Template" | CWE-200 | 4.3 | - | 2023-09-12 |
| CVE-2023-40611 | Apache Airflow Dag Runs Broken Access Control Vulnerability | CWE-863 | 7.1 | - | 2023-09-12 |
| CVE-2023-37379 | Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature | CWE-400 | 8.1 | - | 2023-08-23 |
