Apache Airflow, versions before 2.7.2, has a vulnerability that allows an authorized user with access to read specific DAGs _only_ to read information about task instances in other DAGs. Users of Apache Airflow are advised to upgrade to version 2.7.2 or newer to mitigate the risk associated with this vulnerability.

Affected Packages

PyPI apache-airflow

Affected versions: 0 (fixed in 2.7.2)

Related CVEs

CVE-2023-42663

Key Information

GHSA ID

GHSA-32wr-qqw6-5mfp

Published

October 14, 2023 12:30 PM

Last Modified

February 13, 2025 7:18 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-airflow

GitHub Reviewed

✓ Yes

Dataset

Last updated: September 16, 2025 6:29 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.