apache-airflow vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-40690 | Medium | apache-airflow: Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions |
| CVE-2026-38743 | Medium | apache-airflow: Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded… |
| CVE-2026-32690 | Low | apache-airflow-core: Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries |
| CVE-2026-31987 | Medium | apache-airflow: Apache Airflow: JWT token appearing in logs |
| CVE-2025-54550 | High | apache-airflow: Apache Airflow: RCE by race condition in example_xcom dag |
| CVE-2026-25219 | Medium | apache-airflow: Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers)… |
| CVE-2026-33858 | High | apache-airflow: Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom… |
| CVE-2025-66236 | Medium | apache-airflow: Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI |
| CVE-2025-57735 | Critical | apache-airflow: Apache Airflow: JWT token still valid after logout |
| CVE-2026-34538 | Medium | apache-airflow: Apache Airflow has an authorization bypass in DagRun wait endpoint |
| CVE-2026-32794 | Medium | apache-airflow: Apache Airflow Provider for Databricks: TLS Certificate Verification is Disabled in Databricks… |
| CVE-2026-30911 | High | apache-airflow: Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization |
| CVE-2026-28779 | High | apache-airflow: Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via… |
| CVE-2026-28563 | Medium | apache-airflow: Apache Airflow: DAG authorization bypass |
| CVE-2026-26929 | High | apache-airflow: Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata |
| CVE-2025-27555 | Medium | apache-airflow: Apache Airflow exposes sensitive information in its log files |
| CVE-2024-56373 | High | apache-airflow: Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table |
| CVE-2025-65995 | Medium | apache-airflow: Apache Airflow error reporting may expose full kwargs |
| CVE-2026-22922 | Medium | apache-airflow: Apache Airflow Has an Authorization Bypass That Allows Unauthorized Task Log Access |
| CVE-2026-24098 | Medium | apache-airflow: Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users |
| CVE-2025-68675 | High | apache-airflow: Apache Airflow proxy credentials for various providers might leak in task logs |
| CVE-2025-68438 | High | apache-airflow: Apache Airflow secrets in rendered templates could contain parts of sensitive values when truncated |
| CVE-2025-66388 | Medium | apache-airflow: Apache Airflow exposes secret values to authenticated UI users via rendered templates |
| CVE-2025-62503 | Medium | apache-airflow: Apache Airflow's create action can upsert existing Pools/Connections/Variables |
| CVE-2025-62402 | Medium | apache-airflow: Apache Airflow `/api/v2/dagReports` executes DAG Python in API |