pkg:Bitnami/airflow

109 total CVEsCRITICAL10HIGH31MEDIUM66LOW2

✅ Check your installed version

All known vulnerabilities

CRITICAL9.8CVE-2020-13927⚠ KEVAuthentication bypass in Apache Airflow
from 0, < 1.10.11
HIGH8.8CVE-2020-11978⚠ KEVRemote code execution (RCE) in Apache Airflow
from 0, < 1.10.11
CRITICAL9.8CVE-2023-25754Apache Airflow: Privilege escalation using airflow logs
from 0, < 2.6.0
CRITICAL9.8CVE-2023-22884Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
from 0, < 2.5.1
CRITICAL9.8CVE-2022-40189Apache Airlfow Pig Provider RCE
from 0, < 2.3.0
CRITICAL9.8CVE-2022-38649Apache Airflow Pinot provider allowed Command Injection
from 0, < 2.3.0
CRITICAL9.8CVE-2022-38054Session Fixation
>= 2.2.4, < 2.3.4
CRITICAL9.8CVE-2021-38540Apache Airflow: Variable Import endpoint missed authentication check
>= 2.0.0, < 2.1.3
CRITICAL9.8CVE-2020-11982Insecure default config of Celery worker in Apache Airflow
from 0, < 1.10.11
CRITICAL9.8CVE-2020-11981Command injection via Celery broker in Apache Airflow
from 0, < 1.10.11
CRITICAL9.1CVE-2025-57735Apache Airflow: JWT token still valid after logout
>= 3.0.0, < 3.2.0
HIGH8.8CVE-2026-30898Apache Airflow: Bad example of BashOperator shell injection via dag_run.conf
from 0, < 3.2.0
HIGH8.8CVE-2026-33858Apache Airflow: Unsafe Deserialization via Legacy Serialization Keys (__type/__var) Bypass in XCom API
>= 3.1.8, < 3.2.0
HIGH8.8CVE-2024-45498Apache Airflow: Command Injection in an example DAG
>= 2.10.0, < 2.10.1
HIGH8.8CVE-2024-45034Apache Airflow vulnerable to Execution with Unnecessary Privileges
from 0, < 2.10.1
HIGH8.8CVE-2024-39877Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
>= 2.4.0, < 2.9.3
HIGH8.8CVE-2023-39508Apache Airflow: Airflow "Run task" feature allows execution with unnecessary priviledges
from 0, < 2.6.0
HIGH8.8CVE-2022-40127Apache Airflow <2.4.0 has an RCE in a bash example
from 0, < 2.4.0
HIGH8.8CVE-2022-24288Apache Airflow: RCE in example DAGs
from 0, < 2.2.4
HIGH8.4CVE-2024-56373Apache Airflow vulnerable to Code Injection in the web-server context via LogTemplate table
from 0, < 2.11.1
HIGH8.1CVE-2025-54550Apache Airflow: RCE by race condition in example_xcom dag
from 0, < 3.2.0
HIGH8.1CVE-2026-30911Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization
>= 3.1.0, < 3.1.8
HIGH8.1CVE-2024-28746Apache Airflow: Ignored Airflow Permissions
>= 2.8.0, < 2.8.3
HIGH8.1CVE-2023-37379Apache Airflow: Exposure of sensitive connection information, DOS and SSRF on "test connection" feature
from 0, < 2.7.0
HIGH8.1CVE-2022-41672Session still functional after user is deactivated
from 0, < 2.4.2
HIGH8.0CVE-2023-40273Session fixation in Apache Airflow web interface
from 0, < 2.7.1
HIGH7.8CVE-2022-41131Apache Airflow Hive Provider vulnerability (command injection via hive_cli connection)
from 0, < 2.3.0
HIGH7.7CVE-2020-17526Incorrect Session Validation in Apache Airflow
from 0, < 1.10.14
HIGH7.5CVE-2026-32228Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to
>= 3.0.0, < 3.2.0
HIGH7.5CVE-2026-31987Apache Airflow: JWT token appearing in logs
>= 3.0.0, < 3.2.0
HIGH7.5CVE-2025-66236Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI
>= 3.0.0, < 3.2.0
HIGH7.5CVE-2026-28779Apache Airflow: Path of session token in cookie does not consider base_url - session hijacking via co-hosted applications
>= 3.0.0, < 3.1.8
HIGH7.5CVE-2026-26929Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata
>= 3.0.0, < 3.1.8
HIGH7.5CVE-2025-68438Apache Airflow: Secrets in rendered templates could contain parts of sensitive values when truncated
>= 3.1.0, < 3.1.6
HIGH7.5CVE-2025-68675Apache Airflow: proxy credentials for various providers might leak in task logs
from 0, < 3.1.6
HIGH7.5CVE-2024-45784Apache Airflow: Sensitive configuration values are not masked in the logs by default
from 0, < 2.10.3
HIGH7.5CVE-2023-50943Apache Airflow: Potential pickle deserialization vulnerability in XComs
from 0, < 2.8.1
HIGH7.5CVE-2023-46215Apache Airflow Celery provider, Apache Airflow: Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend
>= 1.10.0, < 2.7.0
HIGH7.5CVE-2022-27949Apache Airflow prior to 2.3.1 may include sensitive values in rendered template
from 0, < 2.3.1
HIGH7.5CVE-2022-40604Format String Vulnerability
>= 2.3.0, < 2.3.5
HIGH7.2CVE-2026-25917Apache Airflow: API extra-links triggers XCom deserialization/class instantiation (Airflow 3.1.5)
from 0, < 3.2.0
MEDIUM6.5CVE-2026-25219Apache Airflow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access
from 0, < 3.1.8
MEDIUM6.5CVE-2026-34538Apache Airflow: Authorization bypass in DagRun wait endpoint (XCom exposure)
>= 3.0.0, < 3.2.0
MEDIUM6.5CVE-2025-27555Apache Airflow exposes sensitive information in its log files
from 0, < 2.11.1
MEDIUM6.5CVE-2025-65995Apache Airflow error reporting may expose full kwargs
from 0, < 2.11.1, >= 3.0.0, < 3.1.4
MEDIUM6.5CVE-2026-24098Apache Airflow: Assigning single DAG permission leaked all DAGs Import Errors
from 0, < 3.1.7
MEDIUM6.5CVE-2026-22922Apache Airflow: Airflow externalLogUrl Permission Bypass
>= 3.1.0, < 3.1.7
MEDIUM6.5CVE-2025-66388Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI
>= 3.1.0, < 3.1.4
MEDIUM6.5CVE-2025-54831Apache Airflow: Connection sensitive details exposed to users with READ permissions
>= 3.0.3, < 3.0.4
MEDIUM6.5CVE-2024-50378Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
from 0, < 2.10.3
MEDIUM6.5CVE-2023-50944Apache Airflow: Bypass permission verification to read code of other dags
from 0, < 2.8.1
MEDIUM6.5CVE-2023-51702Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
>= 2.3.0, < 2.6.1
MEDIUM6.5CVE-2023-49920Apache Airflow: Missing CSRF protection on DAG/trigger
>= 2.7.0, < 2.7.4
MEDIUM6.5CVE-2023-50783Apache Airflow: Improper access control vulnerability on the "varimport" endpoint
from 0, < 2.8.0
MEDIUM6.5CVE-2023-42781Apache Airflow: Permission verification bypass allows viewing dagruns of other dags
from 0, < 2.7.3
MEDIUM6.5CVE-2023-42663Apache Airflow: Bypass permission verification to view task instances of other dags
from 0, < 2.7.2
MEDIUM6.5CVE-2023-42792Apache Airflow: Improper access control to DAG resources
from 0, < 2.7.2
MEDIUM6.5CVE-2023-42780Apache Airflow: Improper access control vulnerability in the "List dag warnings" feature
from 0, < 2.7.2
MEDIUM6.5CVE-2023-40712Apache Airflow: Secrets can be unmasked in the "Rendered Template"
from 0, < 2.7.1
MEDIUM6.5CVE-2023-22887Apache Airflow path traversal by authenticated user
from 0, < 2.6.3
MEDIUM6.5CVE-2023-22888Apache Airflow: Scheduler remote DoS
from 0, < 2.6.3
MEDIUM6.5CVE-2023-35908Apache Airflow: Access to DAGs without relevant permission
from 0, < 2.6.3
MEDIUM6.5CVE-2023-36543Apache Airflow: ReDoS via dags function
from 0, < 2.6.3
MEDIUM6.5CVE-2022-46651Apache Airflow: Security vulnerability on AirFlow Connections
from 0, < 2.6.3
MEDIUM6.5CVE-2023-35005Apache Airflow: Information disclosure on configuration view
>= 2.5.0, < 2.6.2
MEDIUM6.5CVE-2021-45230Apache Airflow: Creating DagRuns didn't respect Dag-level permissions in the Webserver
>= 2.0.0, < 2.2.0
MEDIUM6.5CVE-2021-26559CWE-284 Improper Access Control on Configurations Endpoint for the Stable API
>= 2.0.0, < 2.0.1
MEDIUM6.1CVE-2024-41937Apache Airflow Cross-site Scripting Vulnerability
from 0, < 2.10.0
MEDIUM6.1CVE-2022-45402Apache Airflow: Open redirect during login
from 0, < 2.4.3
MEDIUM6.1CVE-2022-43982Apache Airflow prior to 2.4.2 allows reflected XSS via Origin Query Argument in URL
from 0, < 2.4.2
MEDIUM6.1CVE-2022-43985Apache Airflow prior to 2.4.2 has an open redirect
from 0, < 2.4.2
MEDIUM6.1CVE-2022-40754Open Redirect
>= 2.3.0, < 2.3.5
MEDIUM6.1CVE-2021-45229Apache Airflow: Reflected XSS via Origin Query Argument in URL
from 0, < 2.2.4
MEDIUM6.1CVE-2021-28359Apache Airflow Reflected XSS via Origin Query Argument in URL
>= 1.0.0, < 1.10.15, >= 2.0.0, < 2.0.2
MEDIUM6.1CVE-2020-13944Apache Airflow Cross-site Scripting
from 0, < 1.10.15, >= 2.0.0, < 2.0.2
MEDIUM6.1CVE-2020-17515Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944
from 0, < 1.10.15, >= 2.0.0, < 2.0.2
MEDIUM6.1CVE-2020-9485Stored XSS in Apache Airflow
from 0, < 1.10.11
MEDIUM5.9CVE-2024-27906Apache Airflow: Dag Code and Import Error Permissions Ignored
from 0, < 2.8.2
MEDIUM5.9CVE-2023-39441Apache Airflow SMTP Provider, Apache Airflow IMAP Provider, Apache Airflow: SMTP/IMAP client components allowed MITM due to missing Certificate Validation
from 0, < 2.7.0
MEDIUM5.5CVE-2024-25142Apache Airflow does not return the "Cache-Control" header for dynamic content
from 0, < 2.9.2
MEDIUM5.5CVE-2022-40954Apache Airflow Spark Provider RCE that bypass restrictions to read arbitrary files
from 0, < 2.3.0
MEDIUM5.4CVE-2025-62402Apache Airflow: Airflow 3 API: /api/v2/dagReports executes DAG Python in API
>= 3.0.0, < 3.1.1
MEDIUM5.4CVE-2024-39863Apache Airflow Potential Cross-site Scripting Vulnerability
from 0, < 2.9.3
MEDIUM5.4CVE-2024-32077Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
>= 2.9.0, < 2.9.1
MEDIUM5.4CVE-2023-47265Apache Airflow: DAG Params alllow to embed unchecked Javascript
>= 2.6.0, < 2.7.4
MEDIUM5.4CVE-2023-29247Stored XSS on Apache Airflow
from 0, < 2.6.0
MEDIUM5.4CVE-2020-11983Multiple stored XSS in RBAC Admin screens in Apache Airflow
from 0, < 1.10.11
MEDIUM5.3CVE-2026-30912Apache Airflow: Exposing stack trace in case of constraint error
from 0, < 3.2.0
MEDIUM5.3CVE-2024-29735Apache Airflow: Potentially harmful permission changing by log task handler
>= 2.8.2, < 2.8.4
MEDIUM5.3CVE-2023-25695Information disclosure in Apache Airflow
from 0, < 2.5.2
MEDIUM5.3CVE-2021-35936No Authentication on Logging Server
from 0, < 2.1.2
MEDIUM5.3CVE-2021-26697Apache Airflow: Lineage API endpoint for Experimental API missed authentication check
>= 2.0.0, < 2.0.1
MEDIUM5.3CVE-2021-29621Observable Response Discrepancy in Flask-AppBuilder
>= 1.10.0, < 1.10.1
MEDIUM5.3CVE-2020-17513SSRF vulnerability in Apache Airflow
from 0, < 1.10.13
MEDIUM4.7CVE-2024-26280Apache Airflow: Overly broad default permissions for Viewer/Ops (audit logs)
from 0, < 2.8.2
MEDIUM4.7CVE-2022-38170Overly permissive umask for daemons
from 0, < 2.3.4
MEDIUM4.6CVE-2025-62503Apache Airflow: Privilege boundary bypass in bulk APIs (create action can upsert existing Pools/Connections/Variables)
>= 3.0.0, < 3.1.1
MEDIUM4.6CVE-2025-54941Apache Airflow: Command injection in "example_dag_decorator"
>= 3.0.0, < 3.0.5
MEDIUM4.3CVE-2026-40690Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
from 0, < 3.2.1
MEDIUM4.3CVE-2026-38743Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
from 0, < 3.2.1
MEDIUM4.3CVE-2026-28563Apache Airflow: DAG authorization bypass
>= 3.0.0, < 3.1.8
MEDIUM4.3CVE-2024-31869Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
>= 2.7.0, < 2.9.0
MEDIUM4.3CVE-2023-48291Apache Airflow: Improper access control to DAG resources
from 0, < 2.8.0
MEDIUM4.3CVE-2023-47037Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access)
from 0, < 2.7.3
MEDIUM4.3CVE-2023-46288Apache Airflow: Sensitive parameters exposed in API when "non-sensitive-only" configuration is set
>= 2.4.0, < 2.7.0
MEDIUM4.3CVE-2023-45348Apache Airflow: Configuration information leakage vulnerability
>= 2.7.0, < 2.7.2
MEDIUM4.3CVE-2023-40611Apache Airflow Dag Runs Broken Access Control Vulnerability
from 0, < 2.7.3
LOW3.7CVE-2026-32690Apache Airflow: 3.x - Nested Variable Secret Values Bypass Redaction via max_depth=1
>= 3.0.0, < 3.2.0
LOW2.8CVE-2020-17511Apache Airflow logs passwords in plaintext
from 0, < 1.10.13