pypi/apache-airflow-providers-smtp - Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider
Risk 35, Severity 5.9

Apache Airflow - Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
Risk 24, Severity 4.3

Apache Airflow - Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
Risk 24, Severity 4.3

Apache Airflow - Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)
Risk 91, Severity 9.8

Apache Airflow - Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to
Risk 46, Severity 7.5

Apache Airflow - Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf
Risk 83, Severity 8.8

Apache Apache Airflow - Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1
Risk 21, Severity 3.7

Apache Airflow - Apache Airflow: Exposing stack trace in case of constraint error
Risk 46, Severity 7.5

oss-sec - CVE-2026-25917: Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)

oss-sec - CVE-2026-32228: Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to

oss-sec - CVE-2026-30898: Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

Apache Airflow - Apache Airflow: JWT token appearing in logs
Risk 46, Severity 7.5

Apache Airflow - Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access
Risk 40, Severity 6.5

Apache Apache Airflow - Apache Airflow: RCE by race condition in example_xcom dag
Risk 63, Severity 8.1

Apache Airflow - Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
Risk 83, Severity 8.8

Apache Airflow - Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
Risk 46, Severity 7.5

Apache Airflow - Apache Airflow: Airflow Logout Not Invalidating JWT
Risk 70, Severity 9.1

oss-sec - CVE-2025-57735: Apache Airflow: Airflow Logout Not Invalidating JWT

Apache Apache Airflow - Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
Risk 40, Severity 6.5

Apache Airflow - Apache Airflow: DAG authorization bypass
Risk 24, Severity 4.3

Apache Airflow - Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
Risk 40, Severity 7.5

Apache Airflow - Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
Risk 45, Severity 8.1, EPSS 0.02%

apache/airflow - Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
Risk 46, Severity 7.5

oss-sec - CVE-2026-26929: Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata

oss-sec - CVE-2026-30911: Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization

Apache Airflow - Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information
Risk 71, Severity 8.5

pypi/apache-airflow - Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli
Risk 40, Severity 6.5

oss-sec - CVE-2025-27555: Apache Airflow: Connection Secrets not masked in UI when Connection are added via Airflow cli

Apache Airflow - Apache Airflow: Airflow externalLogUrl Permission Bypass
Risk 28, Severity 6.5, EPSS 0.01%

Apache Airflow - Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors
Risk 28, Severity 6.5, EPSS 0.04%