apk package

chainguard/airflow-core-3

pkg:apk/chainguard/airflow-core-3

Vulnerabilities (28)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-45409	Med	—	< 3.2.2-r0	3.2.2-r0	Jun 5, 2026	Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t
CVE-2026-42561	Hig	7.5	< 3.2.1-r1	3.2.1-r1	May 13, 2026	Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the si
CVE-2026-44432	Hig	7.5	< 3.2.1-r1	3.2.1-r1	May 13, 2026	urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w
CVE-2026-44431	Med	5.3	< 3.2.1-r1	3.2.1-r1	May 13, 2026	urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
CVE-2026-44307	Hig	—	< 3.2.1-r1	3.2.1-r1	May 12, 2026	Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads
CVE-2026-41205	Hig	7.5	< 3.2.1-r1	3.2.1-r1	Apr 23, 2026	Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable
CVE-2026-40347	Med	5.3	< 3.2.1-r0	3.2.1-r0	Apr 18, 2026	Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the
CVE-2025-57735	Cri	9.1	< 3.2.0-r2	3.2.0-r2	Apr 9, 2026	When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about th
CVE-2026-34538	Med	6.5	< 3.2.0-r2	3.2.0-r2	Apr 9, 2026	Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with
CVE-2026-39892	Cri	9.8	< 3.2.0-r2	3.2.0-r2	Apr 8, 2026	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner
CVE-2026-34073	Med	5.3	< 3.1.8-r3	3.1.8-r3	Mar 31, 2026	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently
CVE-2026-25645		—	< 3.1.8-r3	3.1.8-r3	Mar 25, 2026	Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without valid
CVE-2026-4539	Low	3.3	< 3.1.8-r2	3.1.8-r2	Mar 22, 2026	A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit
CVE-2026-32597	Hig	7.5	< 3.1.8-r1	3.1.8-r1	Mar 13, 2026	PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token i
CVE-2026-26007		—	< 3.1.7-r1	3.1.7-r1	Feb 10, 2026	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke
CVE-2026-22922		—	< 3.1.7-r0	3.1.7-r0	Feb 9, 2026	Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, whi
CVE-2026-24486		—	< 3.1.6-r1	3.1.6-r1	Jan 27, 2026	Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on th
CVE-2026-0994	Hig	7.5	< 3.2.0-r2	3.2.0-r2	Jan 23, 2026	A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l
CVE-2025-68675		—	< 3.1.6-r0	3.1.6-r0	Jan 16, 2026	In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log out
CVE-2025-68438		—	< 3.1.6-r0	3.1.6-r0	Jan 16, 2026	In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instanc

CVE-2026-45409MedJun 5, 2026
affected < 3.2.2-r0fixed 3.2.2-r0
Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as `"\u0660" * N` or `"\u30fb" * N + "\u6f22"` utilize t
CVE-2026-42561HigMay 13, 2026
affected < 3.2.1-r1fixed 3.2.1-r1
Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.27, python-multipart has a denial of service vulnerability in multipart part header parsing. When parsing multipart/form-data, MultipartParser previously had no limit on the number of part headers or the si
CVE-2026-44432HigMay 13, 2026
affected < 3.2.1-r1fixed 3.2.1-r1
urllib3 is an HTTP client library for Python. From 2.6.0 to before 2.7.0, urllib3 could decompress the whole response instead of the requested portion (1) during the second HTTPResponse.read(amt=N) call when the response was decompressed using the official Brotli library or (2) w
CVE-2026-44431MedMay 13, 2026
affected < 3.2.1-r1fixed 3.2.1-r1
urllib3 is an HTTP client library for Python. From 1.23 to before 2.7.0, cross-origin redirects followed from the low-level API via ProxyManager.connection_from_url().urlopen(..., assert_same_host=False) still forward these sensitive headers. This vulnerability is fixed in 2.7.0.
CVE-2026-44307HigMay 12, 2026
affected < 3.2.1-r1fixed 3.2.1-r1
Mako is a template library written in Python. Prior to 1.3.12, on Windows, a URI using backslash traversal (e.g. \..\..\ secret.txt) bypasses the directory traversal check in Template.__init__ and the posixpath-based normalization in TemplateLookup.get_template(), allowing reads
CVE-2026-41205HigApr 23, 2026
affected < 3.2.1-r1fixed 3.2.1-r1
Mako is a template library written in Python. Prior to 1.3.11, TemplateLookup.get_template() is vulnerable to path traversal when a URI starts with // (e.g., //../../../secret.txt). The root cause is an inconsistency between two slash-stripping implementations. Any file readable
CVE-2026-40347MedApr 18, 2026
affected < 3.2.1-r0fixed 3.2.1-r0
Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or epilogue sections. Upgrade to version 0.0.26 or later, which skips ahead to the
CVE-2025-57735CriApr 9, 2026
affected < 3.2.0-r2fixed 3.2.0-r2
When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about th
CVE-2026-34538MedApr 9, 2026
affected < 3.2.0-r2fixed 3.2.0-r2
Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with
CVE-2026-39892CriApr 8, 2026
affected < 3.2.0-r2fixed 3.2.0-r2
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulner
CVE-2026-34073MedMar 31, 2026
affected < 3.1.8-r3fixed 3.1.8-r3
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently
CVE-2026-25645Mar 25, 2026
affected < 3.1.8-r3fixed 3.1.8-r3
Requests is a HTTP library. Prior to version 2.33.0, the `requests.utils.extract_zipped_paths()` utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without valid
CVE-2026-4539LowMar 22, 2026
affected < 3.1.8-r2fixed 3.1.8-r2
A security flaw has been discovered in pygments up to 2.19.2. The impacted element is the function AdlLexer of the file pygments/lexers/archetype.py. The manipulation results in inefficient regular expression complexity. The attack is only possible with local access. The exploit
CVE-2026-32597HigMar 13, 2026
affected < 3.1.8-r1fixed 3.1.8-r1
PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit (Critical) Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token i
CVE-2026-26007Feb 10, 2026
affected < 3.1.7-r1fixed 3.1.7-r1
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to 46.0.5, the public_key_from_numbers (or EllipticCurvePublicNumbers.public_key()), EllipticCurvePublicNumbers.public_key(), load_der_public_key() and load_pem_public_ke
CVE-2026-22922Feb 9, 2026
affected < 3.1.7-r0fixed 3.1.7-r0
Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, whi
CVE-2026-24486Jan 27, 2026
affected < 3.1.6-r1fixed 3.1.6-r1
Python-Multipart is a streaming multipart parser for Python. Prior to version 0.0.22, a Path Traversal vulnerability exists when using non-default configuration options `UPLOAD_DIR` and `UPLOAD_KEEP_FILENAME=True`. An attacker can write uploaded files to arbitrary locations on th
CVE-2026-0994HigJan 23, 2026
affected < 3.2.0-r2fixed 3.2.0-r2
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages. Due to missing recursion depth accounting inside the internal Any-handling l
CVE-2025-68675Jan 16, 2026
affected < 3.1.6-r0fixed 3.1.6-r0
In Apache Airflow versions before 3.1.6, and 2.11.1 the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log out
CVE-2025-68438Jan 16, 2026
affected < 3.1.6-r0fixed 3.1.6-r0
In Apache Airflow versions before 3.1.6, when rendered template fields in a Dag exceed [core] max_templated_field_length, sensitive values could be exposed in cleartext in the Rendered Templates UI. This occurred because serialization of those fields used a secrets masker instanc

Page 1 of 2