Components
Vulnerabilities
Pricing
MCP
Docs
Sign up
Login
Find vulnerabilities. Fix fast with AI.
Search components by package, version, or CVE to get started.
Ecosystem
Package
Version
Vulnerabilities
CVE-2025-62402
CVE-2025-62402
API users via `/api/v2/dagReports` could perform Dag code execution in the context of the api-server if the api-server was deployed in the environment where Dag files were available.
Published Oct 31, 2025
https://github.com/advisories/GHSA-273c-4g26-4jpm
CVSS Score
Medium
5.4
Components Impacted
Components Impacted
Security Details
Security Details
Sonatype Research
Sonatype Research
Ecosystem
Package
Version
Ecosystem
Package
Version
pypi
apache-airflow
3.0.0
pypi
apache-airflow
3.0.1
pypi
apache-airflow
3.0.1a1
pypi
apache-airflow
3.0.1a2
pypi
apache-airflow
3.0.1rc1
pypi
apache-airflow
3.0.2
pypi
apache-airflow
3.0.2rc1
pypi
apache-airflow
3.0.2rc2
pypi
apache-airflow
3.0.3
pypi
apache-airflow
3.0.3rc1
pypi
apache-airflow
3.0.3rc2
pypi
apache-airflow
3.0.3rc3
pypi
apache-airflow
3.0.3rc4
pypi
apache-airflow
3.0.3rc5
pypi
apache-airflow
3.0.3rc6
pypi
apache-airflow
3.0.4
pypi
apache-airflow
3.0.4rc1
pypi
apache-airflow
3.0.4rc2
pypi
apache-airflow
3.0.5
pypi
apache-airflow
3.0.5rc1
pypi
apache-airflow
3.0.5rc2
pypi
apache-airflow
3.0.5rc3
pypi
apache-airflow
3.0.6
pypi
apache-airflow
3.0.6rc1
pypi
apache-airflow
3.0.6rc2
pypi
apache-airflow
3.1.0
pypi
apache-airflow
3.1.0b1
pypi
apache-airflow
3.1.0b2
pypi
apache-airflow
3.1.0rc1
pypi
apache-airflow
3.1.0rc2
pypi
apache-airflow
3.1.1rc1
pypi
apache-airflow
3.1.1rc2
1-32 of 32
CVE-2025-62402 | Components Impacted | Sonatype Guide | Sonatype Guide
