GHSA-vcf6-3wv2-5vcr

GitHub Security Advisory

Apache Airflow vulnerable to stored Cross-site Scripting

✓ GitHub Reviewed MODERATE Has CVE

Task instance details page in the UI is vulnerable to stored cross-site scripting. This issue affects Apache Airflow before 2.6.0.

PyPI apache-airflow

Affected versions: 0 (fixed in 2.6.0)

CVE-2023-29247

GHSA ID

GHSA-vcf6-3wv2-5vcr

Published

May 8, 2023 12:30 PM

Last Modified

September 12, 2024 2:08 PM

CVSS Score

5.0 /10

Primary Ecosystem

PyPI

Primary Package

apache-airflow

GitHub Reviewed

✓ Yes

Last updated: July 27, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.