Apache Airflow — Vulnerabilities & Security Advisories 111

All 111 CVE vulnerabilities found in Apache Airflow, with AI-generated Chinese analysis, references, and POCs.

Vendor: Apache Software Foundation

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-40273 | Session fixation in Apache Airflow web interface | CWE-384 | 8.8 | - | 2023-08-23 |
| CVE-2023-39508 | Apache Airflow: Airflow "Run task" feature allows execution with unnecessary privileges | CWE-250 | 8.8 | - | 2023-08-05 |
| CVE-2023-22888 | Apache Airflow: Scheduler remote DoS | CWE-20 | 6.5 | - | 2023-07-12 |
| CVE-2023-36543 | Apache Airflow: ReDoS via dags function | CWE-1333 | 6.5 | - | 2023-07-12 |
| CVE-2022-46651 | Apache Airflow: Security vulnerability on Airflow Connections | CWE-200 | 6.5 | - | 2023-07-12 |
| CVE-2023-22887 | Apache Airflow path traversal by authenticated user | CWE-22 | 6.5 | - | 2023-07-12 |
| CVE-2023-35908 | Apache Airflow: Access to DAGs without relevant permission | CWE-863 | 5.3 | - | 2023-07-12 |
| CVE-2023-35005 | Apache Airflow: Information disclosure on configuration view | CWE-200 | 7.5 | - | 2023-06-19 |
| CVE-2023-25754 | Apache Airflow: Privilege escalation using airflow logs | CWE-270 | 7.5 | - | 2023-05-08 |
| CVE-2023-29247 | Stored XSS on Apache Airflow | CWE-79 | 6.1 | - | 2023-05-08 |
| CVE-2023-25695 | Information disclosure in Apache Airflow | CWE-209 | 5.3 | - | 2023-03-15 |
| CVE-2023-22884 | Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow | CWE-77 | 9.8 | - | 2023-01-21 |
| CVE-2022-45402 | Apache Airflow: Open redirect during login | CWE-601 | 6.1 | - | 2022-11-15 |
| CVE-2022-27949 | Apache Airflow prior to 2.3.1 may include sensitive values in rendered template | CWE-200 | 7.5 | - | 2022-11-14 |
| CVE-2022-40127 | Apache Airflow <2.4.0 has an RCE in a bash example | CWE-94 | 8.8 | - | 2022-11-14 |
| CVE-2022-43982 | Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL | CWE-79 | 6.1 | - | 2022-11-02 |
| CVE-2022-43985 | Apache Airflow prior to 2.4.2 has an open redirect | CWE-601 | 6.1 | - | 2022-11-02 |
| CVE-2022-41672 | Session still functional after user is deactivated | CWE-613 | 8.1 | - | 2022-10-07 |
| CVE-2022-40754 | Open Redirect | CWE-601 | 6.1 | - | 2022-09-21 |
| CVE-2022-40604 | Format String Vulnerability | CWE-134 | 7.5 | - | 2022-09-21 |
| CVE-2022-38054 | Session Fixation | CWE-384 | 9.8 | - | 2022-09-02 |
| CVE-2022-38170 | Overly permissive umask for daemons | | 4.7 | - | 2022-09-02 |
| CVE-2022-38362 | Docker Provider <3.0 RCE vulnerability in example dag | | 8.8 | - | 2022-08-16 |
| CVE-2022-24288 | Apache Airflow: RCE in example DAGs | CWE-78 | 8.8 | - | 2022-02-25 |
| CVE-2021-45229 | Apache Airflow: Reflected XSS via Origin Query Argument in URL | CWE-79 | 6.1 | - | 2022-02-25 |
| CVE-2021-45230 | Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver | | 6.5 | - | 2022-01-20 |
| CVE-2021-38540 | Apache Airflow: Variable Import endpoint missed authentication check | CWE-269 | 9.8 | - | 2021-09-09 |
| CVE-2021-35936 | No Authentication on Logging Server | CWE-200 | 5.3 | - | 2021-08-16 |
| CVE-2021-28359 | Apache Airflow Reflected XSS via Origin Query Argument in URL | | 6.1 | - | 2021-05-02 |
| CVE-2021-26697 | Apache Airflow: Lineage API endpoint for Experimental API missed authentication check | CWE-269 | 5.3 | - | 2021-02-17 |

All 111 known CVE vulnerabilities affecting Apache Airflow with full Chinese analysis, references, and POCs where available.