Vulnerabilities > Apache > Airflow > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-05-08 CVE-2023-25754 Unspecified vulnerability in Apache Airflow
Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.
network
low complexity
apache
critical
9.8
2023-01-21 CVE-2023-22884 Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0.
network
low complexity
apache CWE-77
critical
9.8
2022-11-22 CVE-2022-40189 OS Command Injection vulnerability in Apache Airflow
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Pig Provider, Apache Airflow allows an attacker to control commands executed in the task execution context, without write access to DAG files.
network
low complexity
apache CWE-78
critical
9.8
2021-09-09 CVE-2021-38540 Missing Authentication for Critical Function vulnerability in Apache Airflow
The variable import endpoint was not protected by authentication in Airflow >=2.0.0, <2.1.3.
network
low complexity
apache CWE-306
critical
9.8
2020-11-10 CVE-2020-13927 Insecure Default Initialization of Resource vulnerability in Apache Airflow
The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact.
network
low complexity
apache CWE-1188
critical
9.8
2019-01-23 CVE-2017-17836 Credentials Management vulnerability in Apache Airflow
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow.
network
low complexity
apache CWE-255
critical
9.8