UNCLASSIFIED - NO CUI

Skip to content

chore(findings): bitnami/airflow

Summary

bitnami/airflow has 314 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9:9.3 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=bitnami/airflow&tag=2.9.3&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2016-20012 Anchore CVE Low openssh-8.7p1-45.el9 0.21811 false
CVE-2016-20012 Anchore CVE Low openssh-clients-8.7p1-45.el9 0.21811 false
CVE-2024-1931 Twistlock CVE Medium unbound-1.16.2-19.el9_6.1 0.06925 false
CVE-2024-1931 Anchore CVE Medium unbound-libs-1.16.2-19.el9_6.1 0.06925 false
CVE-2005-2541 Anchore CVE Medium tar-2:1.34-7.el9 0.03739 false
CVE-2024-56433 Anchore CVE Low shadow-utils-2:4.9-12.el9 0.02806 false
CVE-2024-7264 Anchore CVE Low libcurl-minimal-7.76.1-31.el9 0.02574 false
CVE-2024-7264 Anchore CVE Low curl-7.76.1-31.el9 0.02574 false
CVE-2024-7264 Twistlock CVE Low curl-7.76.1-31.el9 0.02574 false
CVE-2024-33655 Twistlock CVE Low unbound-1.16.2-19.el9_6.1 0.02518 false
CVE-2024-33655 Anchore CVE Low unbound-libs-1.16.2-19.el9_6.1 0.02518 false
CVE-2024-52338 Twistlock CVE Low pyarrow-16.1.0 0.02340 false
CVE-2024-41937 Twistlock CVE Medium apache-airflow-2.9.3 0.01547 false
CVE-2024-45784 Twistlock CVE Low apache-airflow-2.9.3 0.01261 false
CVE-2024-6232 Anchore CVE High python-3.11.9-11 0.01060 false
CVE-2024-49767 Twistlock CVE High werkzeug-2.2.3 Assuming the other conditions listed are met, then it is possible to exploit this. Configure Request.maxcontentlength. 0.00875 false
CVE-2024-53899 Twistlock CVE High virtualenv-20.26.3 0.00815 false
CVE-2024-53899 Twistlock CVE High virtualenv-20.26.1 0.00815 false
CVE-2024-53899 Anchore CVE High virtualenv-20.26.3 0.00815 false
CVE-2023-50782 Twistlock CVE High cryptography-41.0.7 0.00726 false
CVE-2024-4032 Anchore CVE High python-3.11.9-11 0.00650 false
CVE-2024-45034 Twistlock CVE Low apache-airflow-2.9.3 0.00638 false
CVE-2025-0938 Anchore CVE Medium python-3.11.9-11 0.00624 false
CVE-2023-46136 Twistlock CVE High werkzeug-2.2.3 Most web applications handle form data. If an untrusted user can POST form data, such as with an unauthenticatedpublic form, they could submit file data crafted to take a long time to parse 0.00410 false
CVE-2024-9681 Anchore CVE Low libcurl-minimal-7.76.1-31.el9 0.00348 false
CVE-2024-9681 Anchore CVE Low curl-7.76.1-31.el9 0.00348 false
CVE-2024-9681 Twistlock CVE Low curl-7.76.1-31.el9 0.00348 false
CVE-2024-7592 Anchore CVE High python-3.11.9-11 0.00325 false
CVE-2024-7592 Anchore CVE Low python3-3.9.21-2.el9_6.1 0.00325 false
CVE-2024-7592 Anchore CVE Low python3-libs-3.9.21-2.el9_6.1 0.00325 false
CVE-2024-7592 Twistlock CVE Low python3.9-3.9.21-2.el9_6.1 0.00325 false
CVE-2024-52804 Twistlock CVE High tornado-6.4.1 0.00319 false
CVE-2024-21272 Twistlock CVE High mysql-connector-python-9.0.0 0.00242 false
CVE-2021-3572 Anchore CVE Low python3-pip-wheel-21.3.1-1.el9 0.00240 false
CVE-2021-3572 Twistlock CVE Low python-pip-21.3.1-1.el9 0.00240 false
CVE-2024-26130 Twistlock CVE High cryptography-41.0.7 0.00236 false
CVE-2023-40403 Anchore CVE Medium libxslt-1.1.34-13.el9_6 0.00233 false
CVE-2023-40403 Twistlock CVE Medium libxslt-1.1.34-13.el9_6 0.00233 false
CVE-2024-0397 Anchore CVE Low python3-3.9.21-2.el9_6.1 0.00232 false
CVE-2024-0397 Anchore CVE Low python3-libs-3.9.21-2.el9_6.1 0.00232 false
CVE-2024-0397 Twistlock CVE Low python3.9-3.9.21-2.el9_6.1 0.00232 false
CVE-2024-6345 Twistlock CVE High setuptools-68.2.2 Most users have migrated off of the code paths that are affected. The affected code paths are actively deprecated and planned for turn down. Only specialized and legacy workflows are affected. Use recommended installers pip, uv, build, system package managers to install all packages from trusted indexes. If working with untrusted content in private indexes, consider scanning for malicious code in the package index pages. 0.00227 false
CVE-2024-11053 Anchore CVE Low libcurl-minimal-7.76.1-31.el9 0.00221 false
CVE-2024-11053 Anchore CVE Low curl-7.76.1-31.el9 0.00221 false
CVE-2024-11053 Twistlock CVE Low curl-7.76.1-31.el9 0.00221 false
CVE-2024-0727 Twistlock CVE Medium cryptography-41.0.7 0.00211 false
CVE-2024-52304 Twistlock CVE Medium aiohttp-3.9.5 Most users do not use the Python parser. Use the default C parser. 0.00200 false
CVE-2024-37891 Twistlock CVE Medium urllib3-2.0.7 Theres no reason to set ProxyAuthorization without using urllib3s proxy support. Using the ProxyAuthorization header with urllib3s ProxyManager. Disabling HTTP redirects using redirectsFalse when sending requests. Not using the ProxyAuthorization header. 0.00198 false
CVE-2025-1153 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00185 false
CVE-2025-1153 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00185 false
CVE-2023-32636 Twistlock CVE Low glib2-2.68.4-16.el9_6.2 0.00179 false
CVE-2023-32636 Anchore CVE Low glib2-2.68.4-16.el9_6.2 0.00179 false
CVE-2024-50378 Twistlock CVE Low apache-airflow-2.9.3 0.00174 false
CVE-2024-41996 Anchore CVE Low openssl-libs-1:3.2.2-6.el9_5.1 0.00166 false
CVE-2024-41996 Anchore CVE Low openssl-1:3.2.2-6.el9_5.1 0.00166 false
CVE-2024-41996 Twistlock CVE Low openssl-3.2.2-6.el9_5.1 0.00166 false
CVE-2024-45033 Twistlock CVE Low apache-airflow-providers-fab-1.2.2 0.00160 false
CVE-2024-34069 Twistlock CVE High werkzeug-2.2.3 While anyone using the debugger is technically vulnerable, it requires developers to use the debugger from within an attackercontrolled domain, and for the attacker to guess a URL that will raise an exception and start a debugger. The debugger still requires the developer to enter the debugger pin to enable the vulnerability. Developers should never expect clicking a link on an unfamiliar domain to start their local project, and closing the window if it happens will prevent the vulnerability. Disable the debuggers interactive features by passing useevalexFalse to runsimple. Do not interact with the debugger unless you navigate to it explicitly. 0.00156 false
CVE-2017-1000383 Twistlock CVE Low emacs-27.2-14.el9_6.2 0.00142 false
CVE-2025-4517 Anchore CVE Critical python-3.11.9-11 0.00140 false
CVE-2025-1795 Anchore CVE Low python3-3.9.21-2.el9_6.1 0.00140 false
CVE-2025-1795 Anchore CVE Low python3.11-3.11.11-2.el9_6.1 0.00140 false
CVE-2025-1795 Anchore CVE Low python3-libs-3.9.21-2.el9_6.1 0.00140 false
CVE-2025-1795 Anchore CVE Low python3.11-libs-3.11.11-2.el9_6.1 0.00140 false
CVE-2025-1795 Twistlock CVE Low python3.11-3.11.11-2.el9_6.1 0.00140 false
CVE-2025-1795 Twistlock CVE Low python3.9-3.9.21-2.el9_6.1 0.00140 false
CVE-2025-47273 Twistlock CVE High setuptools-68.2.2 0.00139 false
CVE-2025-47273 Twistlock CVE High setuptools-72.1.0 0.00139 false
CVE-2025-47273 Anchore CVE High setuptools-68.2.2 0.00139 false
CVE-2025-47273 Anchore CVE Medium python3.11-setuptools-wheel-65.5.1-3.el9 0.00139 false
CVE-2025-47273 Twistlock CVE Medium python3.11-setuptools-65.5.1-3.el9 0.00139 false
CVE-2024-34459 Twistlock CVE Low libxml2-2.9.13-10.el9_6 0.00135 false
CVE-2024-34459 Anchore CVE Low libxml2-2.9.13-10.el9_6 0.00135 false
CVE-2025-30706 Twistlock CVE Low mysql-connector-python-9.0.0 0.00122 false
CVE-2024-7531 Anchore CVE Low nss-util-3.101.0-10.el9_2 0.00121 false
CVE-2024-7531 Anchore CVE Low nss-3.101.0-10.el9_2 0.00121 false
CVE-2024-7531 Anchore CVE Low nspr-4.35.0-17.el9_2 0.00121 false
CVE-2024-7531 Anchore CVE Low nss-sysinit-3.101.0-10.el9_2 0.00121 false
CVE-2024-7531 Anchore CVE Low nss-softokn-3.101.0-10.el9_2 0.00121 false
CVE-2024-7531 Anchore CVE Low nss-softokn-freebl-3.101.0-10.el9_2 0.00121 false
CVE-2024-7531 Twistlock CVE Low nss-3.101.0-10.el9_2 0.00121 false
CVE-2020-12413 Anchore CVE Low nspr-4.35.0-17.el9_2 0.00120 false
CVE-2020-12413 Anchore CVE Low nss-sysinit-3.101.0-10.el9_2 0.00120 false
CVE-2020-12413 Anchore CVE Low nss-softokn-freebl-3.101.0-10.el9_2 0.00120 false
CVE-2020-12413 Anchore CVE Low nss-3.101.0-10.el9_2 0.00120 false
CVE-2020-12413 Anchore CVE Low nss-softokn-3.101.0-10.el9_2 0.00120 false
CVE-2020-12413 Anchore CVE Low nss-util-3.101.0-10.el9_2 0.00120 false
CVE-2020-12413 Twistlock CVE Low nss-3.101.0-10.el9_2 0.00120 false
CVE-2025-47287 Twistlock CVE High tornado-6.4.1 0.00118 false
CVE-2024-56326 Twistlock CVE Medium jinja2-3.1.4 This vulnerability impacts applications which execute untrusted templates. This is uncommon for web and other document rendering use cases, but may be common in deployment tools that allow third party plugins. 0.00118 false
CVE-2021-45941 Anchore CVE Medium libbpf-2:1.5.0-1.el9 0.00117 false
CVE-2021-45941 Twistlock CVE Medium libbpf-1.5.0-1.el9 0.00117 false
CVE-2021-45940 Anchore CVE Low libbpf-2:1.5.0-1.el9 0.00117 false
CVE-2021-45940 Twistlock CVE Medium libbpf-1.5.0-1.el9 0.00117 false
CVE-2025-4330 Anchore CVE High python-3.11.9-11 0.00115 false
CVE-2023-27043 Anchore CVE Medium python-3.11.9-11 0.00115 false
CVE-2025-4138 Anchore CVE High python-3.11.9-11 0.00096 false
CVE-2024-12718 Anchore CVE Medium python-3.11.9-11 0.00093 false
CVE-2024-6923 Anchore CVE Medium python-3.11.9-11 0.00089 false
CVE-2025-1632 Anchore CVE Low libarchive-3.5.3-5.el9_6 0.00088 false
CVE-2025-1632 Twistlock CVE Low libarchive-3.5.3-5.el9_6 0.00088 false
CVE-2024-8088 Anchore CVE High python-3.11.9-11 0.00087 false
CVE-2025-1152 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00081 false
CVE-2025-1152 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00081 false
CVE-2025-1150 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00081 false
CVE-2025-1150 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00081 false
CVE-2025-3360 Twistlock CVE Low glib2-2.68.4-16.el9_6.2 0.00079 false
CVE-2025-3360 Anchore CVE Low glib2-2.68.4-16.el9_6.2 0.00079 false
CVE-2023-45322 Anchore CVE Low libxml2-2.9.13-10.el9_6 0.00078 false
CVE-2025-6069 Anchore CVE Medium python-3.11.9-11 0.00077 false
CVE-2025-6069 Anchore CVE Medium python3-3.9.21-2.el9_6.1 0.00077 false
CVE-2025-6069 Anchore CVE Medium python3.11-3.11.11-2.el9_6.1 0.00077 false
CVE-2025-6069 Anchore CVE Medium python3.11-libs-3.11.11-2.el9_6.1 0.00077 false
CVE-2025-6069 Anchore CVE Medium python3-libs-3.9.21-2.el9_6.1 0.00077 false
CVE-2025-6069 Twistlock CVE Medium python3.9-3.9.21-2.el9_6.1 0.00077 false
CVE-2025-6069 Twistlock CVE Medium python3.11-3.11.11-2.el9_6.1 0.00077 false
CVE-2025-1151 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00075 false
CVE-2025-1151 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00075 false
CVE-2024-56201 Twistlock CVE Medium jinja2-3.1.4 This vulnerability impacts applications which execute untrusted templates where the template author can also choose the template filename. This is uncommon for web and other document rendering use cases, but may be common in deployment tools that allow third party plugins. Check if any template filenames contain curly braces and . If so, and the braces enclose Python code, audit or remove those files. 0.00074 false
CVE-2025-24023 Twistlock CVE Low flask-appbuilder-4.5.0 0.00072 false
CVE-2024-13176 Anchore CVE Low openssl-1:3.2.2-6.el9_5.1 0.00071 false
CVE-2024-13176 Anchore CVE Low openssl-libs-1:3.2.2-6.el9_5.1 0.00071 false
CVE-2024-13176 Twistlock CVE Low openssl-3.2.2-6.el9_5.1 0.00071 false
CVE-2025-30473 Twistlock CVE High apache-airflow-providers-common-sql-1.14.2 0.00069 false
CVE-2025-1377 Anchore CVE Low elfutils-libelf-0.192-6.el9_6 0.00065 false
CVE-2025-1377 Anchore CVE Low elfutils-default-yama-scope-0.192-6.el9_6 0.00065 false
CVE-2025-1377 Anchore CVE Low elfutils-libs-0.192-6.el9_6 0.00065 false
CVE-2025-1377 Twistlock CVE Low elfutils-0.192-6.el9_6 0.00065 false
CVE-2025-53643 Twistlock CVE Low aiohttp-3.9.5 If the above conditions are met which is already unlikely, they are affected. 0.00064 false
CVE-2025-4435 Anchore CVE High python-3.11.9-11 0.00064 false
CVE-2022-41409 Anchore CVE Low pcre2-syntax-10.40-6.el9 0.00061 false
CVE-2022-41409 Anchore CVE Low pcre2-10.40-6.el9 0.00061 false
CVE-2022-41409 Twistlock CVE Low pcre2-10.40-6.el9 0.00061 false
CVE-2025-4565 Twistlock CVE High protobuf-4.25.3 0.00060 false
CVE-2025-32990 Twistlock CVE Medium gnutls-3.8.3-6.el9 0.00059 false
CVE-2025-32990 Anchore CVE Medium gnutls-utils-3.8.3-6.el9 0.00059 false
CVE-2025-32990 Anchore CVE Medium gnutls-3.8.3-6.el9 0.00059 false
CVE-2025-32990 Anchore CVE Medium gnutls-dane-3.8.3-6.el9 0.00059 false
CVE-2025-27516 Twistlock CVE Medium jinja2-3.1.4 This vulnerability impacts applications which execute untrusted templates. This is uncommon for web and other document rendering use cases, but may be common in deployment tools that allow third party plugins. 0.00058 false
CVE-2025-8194 Twistlock CVE Medium python3.9-3.9.21-2.el9_6.1 0.00057 false
CVE-2025-8194 Twistlock CVE Medium python3.11-3.11.11-2.el9_6.1 0.00057 false
CVE-2025-8194 Anchore CVE Medium python3-libs-3.9.21-2.el9_6.1 0.00057 false
CVE-2025-8194 Anchore CVE Medium python3.11-libs-3.11.11-2.el9_6.1 0.00057 false
CVE-2025-8194 Anchore CVE High python-3.11.9-11 0.00057 false
CVE-2025-8194 Anchore CVE Medium python3-3.9.21-2.el9_6.1 0.00057 false
CVE-2025-8194 Anchore CVE Medium python3.11-3.11.11-2.el9_6.1 0.00057 false
CVE-2025-27113 Twistlock CVE Low libxml2-2.9.13-10.el9_6 0.00055 false
CVE-2025-27113 Anchore CVE Low libxml2-2.9.13-10.el9_6 0.00055 false
CVE-2024-50602 Anchore CVE Medium python-3.11.9-11 0.00054 false
CVE-2025-6395 Twistlock CVE Medium gnutls-3.8.3-6.el9 0.00053 false
CVE-2025-6395 Anchore CVE Medium gnutls-3.8.3-6.el9 0.00053 false
CVE-2025-6395 Anchore CVE Medium gnutls-utils-3.8.3-6.el9 0.00053 false
CVE-2025-6395 Anchore CVE Medium gnutls-dane-3.8.3-6.el9 0.00053 false
CVE-2025-27018 Twistlock CVE Medium apache-airflow-providers-mysql-5.6.2 0.00053 false
CVE-2025-32988 Twistlock CVE Medium gnutls-3.8.3-6.el9 0.00052 false
CVE-2025-32988 Anchore CVE Medium gnutls-utils-3.8.3-6.el9 0.00052 false
CVE-2025-32988 Anchore CVE Medium gnutls-dane-3.8.3-6.el9 0.00052 false
CVE-2025-32988 Anchore CVE Medium gnutls-3.8.3-6.el9 0.00052 false
CVE-2025-21548 Twistlock CVE Low mysql-connector-python-9.0.0 0.00050 false
CVE-2023-50495 Anchore CVE Low ncurses-6.2-10.20210508.el9 0.00050 false
CVE-2023-50495 Anchore CVE Low ncurses-compat-libs-6.2-10.20210508.el9 0.00050 false
CVE-2024-49766 Twistlock CVE Medium werkzeug-2.2.3 Assuming the other conditions listed are met, this is exploitable. 0.00049 false
CVE-2025-1376 Anchore CVE Low elfutils-libelf-0.192-6.el9_6 0.00048 false
CVE-2025-1376 Anchore CVE Low elfutils-libs-0.192-6.el9_6 0.00048 false
CVE-2025-1376 Anchore CVE Low elfutils-default-yama-scope-0.192-6.el9_6 0.00048 false
CVE-2025-1376 Twistlock CVE Low elfutils-0.192-6.el9_6 0.00048 false
CVE-2022-27943 Anchore CVE Low libstdc++-11.5.0-5.el9_5 0.00047 false
CVE-2022-27943 Anchore CVE Low libgcc-11.5.0-5.el9_5 0.00047 false
CVE-2022-27943 Anchore CVE Low libgomp-11.5.0-5.el9_5 0.00047 false
CVE-2022-27943 Anchore CVE Low libstdc++-devel-11.5.0-5.el9_5 0.00047 false
CVE-2022-27943 Twistlock CVE Low gcc-11.5.0-5.el9_5 0.00047 false
CVE-2025-30714 Twistlock CVE Low mysql-connector-python-9.0.0 0.00046 false
CVE-2024-9287 Anchore CVE High python-3.11.9-11 0.00046 false
CVE-2024-35195 Twistlock CVE Medium requests-2.31.0 0.00046 false
CVE-2025-43859 Twistlock CVE Critical h11-0.14.0 0.00045 false
CVE-2024-29040 Anchore CVE Medium tpm2-tss-3.2.3-1.el9 0.00045 false
CVE-2024-29040 Twistlock CVE Medium tpm2-tss-3.2.3-1.el9 0.00045 false
CVE-2025-5914 Anchore CVE Low libarchive-3.5.3-5.el9_6 0.00039 false
CVE-2025-5914 Twistlock CVE Low libarchive-3.5.3-5.el9_6 0.00039 false
CVE-2025-32962 Twistlock CVE Medium flask-appbuilder-4.5.0 0.00038 false
CVE-2023-24056 Anchore CVE Low pkgconf-m4-1.7.3-10.el9 0.00037 false
CVE-2023-24056 Anchore CVE Low pkgconf-1.7.3-10.el9 0.00037 false
CVE-2023-24056 Anchore CVE Low pkgconf-pkg-config-1.7.3-10.el9 0.00037 false
CVE-2023-24056 Anchore CVE Low libpkgconf-1.7.3-10.el9 0.00037 false
CVE-2023-24056 Twistlock CVE Low pkgconf-1.7.3-10.el9 0.00037 false
CVE-2023-39804 Anchore CVE Low tar-2:1.34-7.el9 0.00036 false
CVE-2023-39804 Twistlock CVE Low tar-1.34-7.el9 0.00036 false
CVE-2022-40896 Anchore CVE Medium python3.11-pip-wheel-22.3.1-5.el9 0.00034 false
CVE-2022-40896 Twistlock CVE Medium python3.11-pip-22.3.1-5.el9 0.00034 false
CVE-2025-5279 Twistlock CVE High redshift-connector-2.1.2 0.00033 false
CVE-2024-43167 Twistlock CVE Low unbound-1.16.2-19.el9_6.1 0.00032 false
CVE-2024-43167 Anchore CVE Low unbound-libs-1.16.2-19.el9_6.1 0.00032 false
CVE-2024-43168 Twistlock CVE Low unbound-1.16.2-19.el9_6.1 0.00031 false
CVE-2024-43168 Anchore CVE Low unbound-libs-1.16.2-19.el9_6.1 0.00031 false
CVE-2025-1371 Anchore CVE Low elfutils-default-yama-scope-0.192-6.el9_6 0.00029 false
CVE-2025-1371 Anchore CVE Low elfutils-libelf-0.192-6.el9_6 0.00029 false
CVE-2025-1371 Anchore CVE Low elfutils-libs-0.192-6.el9_6 0.00029 false
CVE-2025-1371 Twistlock CVE Low elfutils-0.192-6.el9_6 0.00029 false
CVE-2022-29458 Anchore CVE Low ncurses-compat-libs-6.2-10.20210508.el9 0.00029 false
CVE-2022-29458 Anchore CVE Low ncurses-6.2-10.20210508.el9 0.00029 false
CVE-2025-32728 Anchore CVE Medium openssh-clients-8.7p1-45.el9 0.00027 false
CVE-2025-32728 Anchore CVE Medium openssh-8.7p1-45.el9 0.00027 false
CVE-2025-32728 Twistlock CVE Medium openssh-8.7p1-45.el9 0.00027 false
CVE-2025-32415 Twistlock CVE Medium libxml2-2.9.13-10.el9_6 0.00027 false
CVE-2025-32415 Anchore CVE Medium libxml2-2.9.13-10.el9_6 0.00027 false
CVE-2024-47081 Twistlock CVE Medium requests-2.31.0 0.00024 false
CVE-2025-45582 Twistlock CVE Medium tar-1.34-7.el9 0.00023 false
CVE-2025-45582 Anchore CVE Medium tar-2:1.34-7.el9 0.00023 false
CVE-2024-6827 Twistlock CVE High gunicorn-22.0.0 0.00022 false
CVE-2024-57360 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00022 false
CVE-2024-57360 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00022 false
CVE-2025-4516 Anchore CVE Medium python-3.11.9-11 0.00021 false
CVE-2025-4516 Twistlock CVE Medium python3.9-3.9.21-2.el9_6.1 0.00021 false
CVE-2025-4516 Twistlock CVE Medium python3.11-3.11.11-2.el9_6.1 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3-libs-3.9.21-2.el9_6.1 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3.11-libs-3.11.11-2.el9_6.1 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3.11-3.11.11-2.el9_6.1 0.00021 false
CVE-2025-4516 Anchore CVE Medium python3-3.9.21-2.el9_6.1 0.00021 false
CVE-2025-32989 Twistlock CVE Medium gnutls-3.8.3-6.el9 0.00021 false
CVE-2025-32989 Anchore CVE Medium gnutls-3.8.3-6.el9 0.00021 false
CVE-2025-32989 Anchore CVE Medium gnutls-utils-3.8.3-6.el9 0.00021 false
CVE-2025-32989 Anchore CVE Medium gnutls-dane-3.8.3-6.el9 0.00021 false
CVE-2024-25260 Anchore CVE Low elfutils-libelf-0.192-6.el9_6 0.00021 false
CVE-2024-25260 Anchore CVE Low elfutils-default-yama-scope-0.192-6.el9_6 0.00021 false
CVE-2024-25260 Anchore CVE Low elfutils-libs-0.192-6.el9_6 0.00021 false
CVE-2024-25260 Twistlock CVE Low elfutils-0.192-6.el9_6 0.00021 false
CVE-2025-7424 Anchore CVE High libxslt-1.1.34-13.el9_6 0.00020 false
CVE-2025-5245 Anchore CVE Medium gdb-gdbserver-14.2-4.1.el9_6 0.00019 false
CVE-2025-5245 Twistlock CVE Medium gdb-14.2-4.1.el9_6 0.00019 false
CVE-2024-0232 Twistlock CVE Low sqlite-3.34.1-8.el9_6 0.00018 false
CVE-2024-0232 Anchore CVE Low sqlite-libs-3.34.1-8.el9_6 0.00018 false
CVE-2024-0232 Anchore CVE Low sqlite-3.34.1-8.el9_6 0.00018 false
CVE-2025-5918 Anchore CVE Low libarchive-3.5.3-5.el9_6 0.00017 false
CVE-2025-5918 Twistlock CVE Low libarchive-3.5.3-5.el9_6 0.00017 false
CVE-2025-5916 Anchore CVE Low libarchive-3.5.3-5.el9_6 0.00017 false
CVE-2025-5916 Twistlock CVE Low libarchive-3.5.3-5.el9_6 0.00017 false
CVE-2025-32414 Twistlock CVE Medium libxml2-2.9.13-10.el9_6 0.00017 false
CVE-2025-32414 Anchore CVE Medium libxml2-2.9.13-10.el9_6 0.00017 false
CVE-2025-8058 Twistlock CVE Medium glibc-2.34-168.el9_6.20 0.00016 false
CVE-2025-8058 Anchore CVE Medium glibc-common-2.34-168.el9_6.20 0.00016 false
CVE-2025-8058 Anchore CVE Medium glibc-langpack-en-2.34-168.el9_6.20 0.00016 false
CVE-2025-8058 Anchore CVE Medium glibc-2.34-168.el9_6.20 0.00016 false
CVE-2025-8058 Anchore CVE Medium glibc-minimal-langpack-2.34-168.el9_6.20 0.00016 false
CVE-2025-8058 Anchore CVE Medium glibc-devel-2.34-168.el9_6.20 0.00016 false
CVE-2025-8058 Anchore CVE Medium glibc-headers-2.34-168.el9_6.20 0.00016 false
CVE-2025-6170 Twistlock CVE Low libxml2-2.9.13-10.el9_6 0.00016 false
CVE-2025-6170 Anchore CVE Low libxml2-2.9.13-10.el9_6 0.00016 false
CVE-2025-3198 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00016 false
CVE-2025-3198 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00016 false
CVE-2025-7425 Twistlock CVE High libxslt-1.1.34-13.el9_6 0.00015 false
CVE-2025-7425 Anchore CVE High libxslt-1.1.34-13.el9_6 0.00015 false
CVE-2025-5917 Anchore CVE Low libarchive-3.5.3-5.el9_6 0.00015 false
CVE-2025-5917 Twistlock CVE Low libarchive-3.5.3-5.el9_6 0.00015 false
CVE-2025-5915 Anchore CVE Low libarchive-3.5.3-5.el9_6 0.00015 false
CVE-2025-5915 Twistlock CVE Low libarchive-3.5.3-5.el9_6 0.00015 false
CVE-2025-5278 Anchore CVE Medium coreutils-single-8.32-39.el9 0.00015 false
CVE-2025-5278 Twistlock CVE Medium coreutils-8.32-39.el9 0.00015 false
CVE-2025-48386 Twistlock CVE Medium git-2.47.3-1.el9_6 0.00014 false
CVE-2025-48386 Anchore CVE Medium git-core-2.47.3-1.el9_6 0.00014 false
CVE-2025-48386 Anchore CVE Medium git-2.47.3-1.el9_6 0.00014 false
CVE-2025-48386 Anchore CVE Medium perl-Git-2.47.3-1.el9_6 0.00014 false
CVE-2025-48386 Anchore CVE Medium git-core-doc-2.47.3-1.el9_6 0.00014 false
CVE-2022-47011 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00014 false
CVE-2022-47011 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00014 false
CVE-2022-47010 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00014 false
CVE-2022-47010 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00014 false
CVE-2022-47007 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 0.00014 false
CVE-2022-47007 Twistlock CVE Low gdb-14.2-4.1.el9_6 0.00014 false
CVE-2025-50181 Twistlock CVE Medium urllib3-2.0.7 Most users dont disable redirects on the PoolManager. Set redirectsFalseredirects0 on the .request call instead of on the toplevel urllib3.PoolManager 0.00013 false
CVE-2025-50181 Twistlock CVE Medium urllib3-1.26.5 Most users dont disable redirects on the PoolManager. Set redirectsFalseredirects0 on the .request call instead of on the toplevel urllib3.PoolManager 0.00013 false
CVE-2025-50181 Anchore CVE Medium python3-pip-wheel-21.3.1-1.el9 0.00013 false
CVE-2025-50181 Anchore CVE Medium python3.11-pip-wheel-22.3.1-5.el9 0.00013 false
CVE-2025-50181 Twistlock CVE Medium python-pip-21.3.1-1.el9 0.00013 false
CVE-2025-50181 Twistlock CVE Medium python3.11-pip-22.3.1-5.el9 0.00013 false
CVE-2024-45314 Twistlock CVE Medium flask-appbuilder-4.5.0 0.00013 false
CVE-2023-30571 Anchore CVE Medium libarchive-3.5.3-5.el9_6 0.00013 false
CVE-2023-30571 Twistlock CVE Medium libarchive-3.5.3-5.el9_6 0.00013 false
CVE-2025-50182 Anchore CVE Medium python3.11-pip-wheel-22.3.1-5.el9 0.00011 false
CVE-2025-50182 Anchore CVE Medium python3-pip-wheel-21.3.1-1.el9 0.00011 false
CVE-2025-50182 Twistlock CVE Medium python3.11-pip-22.3.1-5.el9 0.00011 false
CVE-2025-50182 Twistlock CVE Medium python-pip-21.3.1-1.el9 0.00011 false
CVE-2025-4598 Anchore CVE Medium systemd-libs-252-51.el9_6.1 0.00011 false
CVE-2025-4598 Anchore CVE Medium systemd-252-51.el9_6.1 0.00011 false
CVE-2025-4598 Anchore CVE Medium systemd-pam-252-51.el9_6.1 0.00011 false
CVE-2025-4598 Anchore CVE Medium systemd-rpm-macros-252-51.el9_6.1 0.00011 false
CVE-2025-4598 Twistlock CVE Medium systemd-252-51.el9_6.1 0.00011 false
CVE-2023-51767 Anchore CVE Medium openssh-clients-8.7p1-45.el9 0.00011 false
CVE-2023-51767 Anchore CVE Medium openssh-8.7p1-45.el9 0.00011 false
CVE-2023-51767 Twistlock CVE Medium openssh-8.7p1-45.el9 0.00011 false
CVE-2022-3606 Anchore CVE Low libbpf-2:1.5.0-1.el9 0.00009 false
CVE-2022-3606 Twistlock CVE Low libbpf-1.5.0-1.el9 0.00009 false
CVE-2025-7458 Twistlock CVE Medium sqlite-3.34.1-8.el9_6 N/A false
CVE-2025-7458 Anchore CVE Medium sqlite-libs-3.34.1-8.el9_6 N/A false
CVE-2025-7458 Anchore CVE Medium sqlite-3.34.1-8.el9_6 N/A false
CVE-2023-2222 Anchore CVE Low gdb-gdbserver-14.2-4.1.el9_6 N/A false
e07d84b039b0e6fcea42fbda1d378647 Anchore Compliance Critical N/A N/A
c7d1f3cd3814412b06a7ff03282f6810 Anchore Compliance Critical N/A N/A
c45a3cdf4974ce9efa7f2078409cf7bc Anchore Compliance Critical N/A N/A
b18c88ddeab24abfb92ae2ccddb0b022 Anchore Compliance Low N/A N/A
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low N/A N/A
PRISMA-2023-0035 Twistlock CVE High werkzeug-2.2.3 N/A N/A
PRISMA-2023-0024 Twistlock CVE High aiohttp-3.9.5 N/A N/A
PRISMA-2022-0168 Twistlock CVE High pip-24.1 N/A N/A
PRISMA-2022-0168 Twistlock CVE High pip-23.3.2 N/A N/A
PRISMA-2022-0168 Twistlock CVE High pip-25.2 N/A N/A
GHSA-h4gh-qq45-vh27 Twistlock CVE Medium cryptography-41.0.7 N/A N/A
CCE-87567-4 OSCAP Compliance Medium N/A N/A
CCE-86474-4 OSCAP Compliance Medium N/A N/A
CCE-86208-6 OSCAP Compliance Medium N/A N/A
9d7be138577efc4d9fdfe0580d849284 Anchore Compliance Critical N/A N/A
40cf73571ff8eeb93b41f263a88fb4dd Anchore Compliance Critical N/A N/A
1ecec1e40ccbe23f44510a519bf45ad5 Anchore Compliance Critical N/A N/A
154761d2aed489e13b0d2388e6b6599e Anchore Compliance Critical N/A N/A
06326817a751383683daa4f085406e9e Anchore Compliance Critical N/A N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=bitnami/airflow&tag=2.9.3&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI