PyPI/apache-airflow-core — 4 CVEs

HIGH7.5CVE-2026-32228Apache Airflow allows users with asset materialize permissions to trigger DAGs outside of their permissions

>= 3.0.0, < 3.2.0

HIGH7.2CVE-2026-25917Apache Airflow allows code execution through crafted XCom payloads

from 0, < 3.2.0

MEDIUM5.3CVE-2026-30912Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false

from 0, < 3.2.0

LOW3.7Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries

>= 3.0.0, < 3.2.0

pkg:PyPI/apache-airflow-core