
CVE-2023-29247 – Stored XSS on Apache Airflow
https://notcve.org/view.php?id=CVE-2023-29247
08 May 2023 — Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0. • https://github.com/apache/airflow/pull/30447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-28710 – Apache Airflow Spark Provider Arbitrary File Read via JDBC
https://notcve.org/view.php?id=CVE-2023-28710
07 Apr 2023 — Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1. • http://www.openwall.com/lists/oss-security/2023/04/07/3 • CWE-20: Improper Input Validation •

CVE-2023-28706 – Apache Airflow Hive Provider Beeline Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-28706
07 Apr 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0. • http://www.openwall.com/lists/oss-security/2023/04/07/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2023-28707 – Airflow Apache Drill Provider Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-28707
07 Apr 2023 — Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2. • http://www.openwall.com/lists/oss-security/2023/04/07/1 • CWE-20: Improper Input Validation •

CVE-2023-25695 – Information disclosure in Apache Airflow
https://notcve.org/view.php?id=CVE-2023-25695
15 Mar 2023 — Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. • https://github.com/apache/airflow/pull/29501 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2023-25956 – Apache Airflow AWS Provider: Arbitrary file read via AWS provider
https://notcve.org/view.php?id=CVE-2023-25956
24 Feb 2023 — Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. • https://github.com/apache/airflow/pull/29587 • CWE-209: Generation of Error Message Containing Sensitive Information •

CVE-2023-25696 – Apache Airflow Hive Provider Beeline RCE
https://notcve.org/view.php?id=CVE-2023-25696
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. • https://github.com/apache/airflow/pull/29502 • CWE-20: Improper Input Validation •

CVE-2023-25693 – Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-25693
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. • https://github.com/apache/airflow/pull/29500 • CWE-20: Improper Input Validation •

CVE-2023-25692 – Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service
https://notcve.org/view.php?id=CVE-2023-25692
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29499 • CWE-20: Improper Input Validation •

CVE-2023-25691 – Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-25691
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29497 • CWE-20: Improper Input Validation •