Security
Headlines

Headlines Latest CVEs

Headline

GHSA-273c-4g26-4jpm: Apache Airflow `/api/v2/dagReports` executes DAG Python in API

API users via /api/v2/dagReports could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.

22 hours ago

#apache #git #intel

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewDiscover and integrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-62402

Apache Airflow `/api/v2/dagReports` executes DAG Python in API

Moderate severity GitHub Reviewed Published Oct 30, 2025 to the GitHub Advisory Database • Updated Oct 30, 2025

Package

pip apache-airflow (pip)

Affected versions

>= 3.0.0, < 3.1.1

Description

Published to the GitHub Advisory Database

Oct 30, 2025

Last updated

Oct 30, 2025

EPSS score

ghsa: Latest News

GHSA-g59r-24g3-h7cm: Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation

17 hours ago

GHSA-29xp-372q-xqph: node-tar has a race condition leading to uninitialized memory exposure

18 hours ago

GHSA-fj2x-735w-74vq: gnark-crypto allows unchecked memory allocation during vector deserialization

18 hours ago

GHSA-cf57-c578-7jvv: Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode

18 hours ago

GHSA-xgp7-7qjq-vg47: n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook

18 hours ago