Apache Airflow
Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to

Risk 46
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf

Risk 83
Severity
8.8
First published (updated )

Apache Airflow
Apache Airflow: Exposing stack trace in case of constraint error

Risk 46
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: JWT token appearing in logs

Risk 46
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: RCE by race condition in example_xcom dag

Risk 63
Severity
8.1
First published (updated )

Apache Airflow
Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API

Risk 83
Severity
8.8
First published (updated )

Apache Airflow
Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI

Risk 46
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: Wildcard DagVersion Listing Bypasses Per-DAG RBAC and Leaks Metadata

Risk 40
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization

Risk 45
Severity
8.1
EPSS
0.02%
First published (updated )

apache/airflow
Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications

Risk 46
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: SSTI to Code Execution in Airflow through Shared DB Information

Risk 71
Severity
8.5
First published (updated )

Apache Airflow
Apache Airflow: proxy credentials for various providers might leak in task logs

Risk 46
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated

Risk 46
Severity
7.5
First published (updated )

pip/airflow
Apache Airflow: Sensitive configuration values are not masked in the logs by default

Risk 46
Severity
7.5
First published (updated )

pip/apache-airflow
Apache Airflow: Authenticated DAG authors could execute code on scheduler nodes

Risk 84
Severity
8.8
First published (updated )

pip/apache-airflow
Apache Airflow: Command Injection in an example DAG

Risk 84
Severity
8.8
First published (updated )

Apache Airflow
Apache Airflow: DAG Author Code Execution possibility in airflow-scheduler

Risk 84
Severity
8.8
First published (updated )

Apache Airflow
Apache Airflow: Potential XSS Vulnerability

Risk 64
Severity
8.1
First published (updated )

pip/apache-airflow
Apache Airflow: Ignored Airflow Permissions

Risk 44
Severity
8.1
EPSS
0.04%
First published (updated )

pip/apache-airflow
Apache Airflow: Potential pickle deserialization vulnerability in XComs

Risk 46
Severity
7.5
First published (updated )

pip/apache-airflow
Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend

Risk 46
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature

Risk 64
Severity
8.1
First published (updated )

Apache Airflow
Session fixation in Apache Airflow web interface

Risk 77
Severity
8
First published (updated )

Apache Airflow
Apache Airflow: Airflow "Run task" feature allows execution with unnecessary privileges

Risk 84
Severity
8.8
First published (updated )

Apache Airflow CNCF Kubernetes
Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Risk 70
Severity
7.2
First published (updated )

Apache Airflow
Apache Airflow path traversal by authenticated user

Risk 66
Severity
7
First published (updated )

Apache Airflow
Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)

Risk 69
Severity
7.8
First published (updated )

Apache Airflow
Apache Airflow prior to 2.3.1 may include sensitive values in rendered template

Risk 45
Severity
7.5
First published (updated )

Apache Airflow
Apache Airflow <2.4.0 has an RCE in a bash example

Risk 82
Severity
8.8
First published (updated )

Apache Airflow
Session still functional after user is deactivated

Risk 62
Severity
8.1
First published (updated )
© 2026 SecAlerts Pty Ltd.