VIR
Vulnerability Intelligence Relay
Search
Stats
Package impact
Lookup
python
PyPI / apache-airflow
Severity
critical
high
medium
low
unknown
Min risk
0
Year
all
2027
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999
KEV
Has exploit
Source
all
AlmaLinux Errata
AMD Security (NVD wrap)
Apache HTTPD (NVD wrap)
Apple Security Advisories
Arch Linux Security
AWS Security Bulletins (RSS)
Azure Security (via MSRC)
Caddy (NVD wrap)
CVE.org cvelistV5
Debian Security Tracker
Docker (NVD wrap)
.NET (via GHSA NuGet)
Elasticsearch (NVD wrap)
Exploit-DB
GCP Security (RSS)
Gentoo GLSA
GitHub Security Advisories
Go Vulnerability DB
HAProxy (NVD wrap)
Intel Security (RSS + NVD)
Jetty (via GHSA Maven)
CISA KEV
Kubernetes (NVD + GHSA)
Linux Kernel (NVD wrap)
LiteSpeed (NVD wrap)
Maven (via OSV Maven)
Metasploit Modules
MongoDB (NVD wrap)
Microsoft MSRC
MySQL/MariaDB (NVD wrap)
Nginx (NVD wrap)
npm (via GHSA NPM)
NVD
NVIDIA Security (NVD wrap)
OpenLiteSpeed (NVD wrap)
OSV.dev
Packagist Security
PostgreSQL (NVD wrap)
PyPI (via OSV PyPI)
Red Hat OVAL
Redis (NVD wrap)
Rocky Linux Errata
RubySec Advisory DB
RustSec Advisory DB
SUSE Security
Ubuntu USN
Apply
Reset
CVE
Severity
CVSS
Risk
Published
Description
Impact
CVE-2026-25917
high
—
8.0
1mo ago
Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tr…
python
CVE-2026-38743
medium
—
5.5
1mo ago
Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record
python
CVE-2026-40690
medium
—
5.5
1mo ago
Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions
python
Per page
25
50
100
200
500
Showing 1–3 of 3
← Prev
Page 1 of 1
Next →