Headline
GHSA-7c2f-r6gc-h92h: Apache Airflow proxy credentials for various providers might leak in task logs
In Apache Airflow versions before 3.1.6, the proxies and proxy fields within a Connection may include proxy URLs containing embedded authentication information. These fields were not treated as sensitive by default and therefore were not automatically masked in log output. As a result, when such connections are rendered or printed to logs, proxy credentials embedded in these fields could be exposed.
Users are recommended to upgrade to 3.1.6 or later, which fixes this issue
Skip to content
Navigation Menu
AI CODE CREATION
GitHub CopilotWrite better code with AI
GitHub SparkBuild and deploy intelligent apps
GitHub ModelsManage and compare prompts
MCP RegistryNewIntegrate external tools
View all features
- Pricing
Provide feedback
Saved searches****Use saved searches to filter your results more quickly
Sign up
Appearance settings
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-68675
Apache Airflow proxy credentials for various providers might leak in task logs
High severity GitHub Reviewed Published Jan 16, 2026 to the GitHub Advisory Database • Updated Jan 16, 2026
Package
pip apache-airflow (pip)
Affected versions
< 3.1.6
Description
Published to the GitHub Advisory Database
Jan 16, 2026
Last updated
Jan 16, 2026