Airflow Vulnerabilities

Security vulnerability tracking for Apache Airflow

Last updated: Feb 24, 2026
Total CVEs: 2
Critical: 0
With Exploits: 2
Last 30 Days: 0

Vulnerability Timeline

2 vulnerabilities discovered over time for Airflow

Severity Distribution

Critical: 0 (0%)
High: 1 (50%)
Medium: 1 (50%)
Low: 0 (0%)
CVE-2025-27555 (CVSS 6.5)

Description: Authenticated users with access to audit logs can view sensitive connection details that should remain hidden, as these values are stored unencrypted in the Airflow database. To mitigate this risk, users should upgrade to version 2.11.1 or later and manually remove any sensitive entries from the log.

Vendor / Product: apache / airflow
Exploit Status: Exploit Available
about 1 month ago (Feb 24, 2026)

CVE-2024-56373 (CVSS 8.4)

Description: This vulnerability allows a user with high-level permissions in Apache Airflow to execute arbitrary code on the web server by manipulating the database, particularly when viewing historical task logs. To mitigate this risk, users should upgrade to Airflow 3 or disable the log template history feature, which is turned off by default in version 2.11.1.

Vendor / Product: apache / airflow
Exploit Status: Exploit Available
about 1 month ago (Feb 24, 2026)

About Apache Airflow Security

This page provides comprehensive security vulnerability tracking for Apache Airflow. Our database includes all CVEs affecting this product, updated in real-time from official sources.

Each vulnerability listing includes detailed CVSS severity analysis, exploit availability status, AI-generated explanations, and direct links to official security patches and vendor advisories.

Security Recommendations

  • Always keep Airflow updated to the latest version
  • Subscribe to security advisories from Apache
  • Monitor this page for new vulnerabilities affecting your version
  • Prioritize patching critical and high severity issues immediately