Is apache-airflow safe to use?

apache-airflow has 5 known vulnerabilities on the latest version (2.11.1). DepScope rates its health at 60/100 (moderate risk).

What is the latest version of apache-airflow?

The latest version of apache-airflow is 2.11.1, released 2026-04-16.

Yes. apache-airflow has 5 known vulnerabilities. See depscope.dev/pkg/conda/apache-airflow for details.

No, apache-airflow is actively maintained. Latest release: 2.11.1 (2026-04-16).

DepScope has no curated alternatives for apache-airflow at this time.

apache-airflow is licensed under Apache-2.0.

condav2.11.1

Airflow is a platform to programmatically author, schedule and monitor workflows

License Apache-2.0permissive66 versions1 maintainers0 deps3,271 weekly dl

/ 100

Health

do not use

apache-airflow has critical vulnerabilities — do not use

Update to >= 3.2.0 to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

6/20

popularity

4/25

security

15/15

maturity

10/15

community

Vulnerabilities

1 critical1 high3 medium

Advisories (5)

Severity	ID	Summary	Fixed in
medium	BIT-airflow-2026-25219	Apache Airlfow: Sensitive Azure Service Bus connection string (and possibly other providers) exposed to users with view access	3.1.8
medium	BIT-airflow-2026-24098	Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users	3.1.7
critical	BIT-airflow-2023-22884	Command Injection in Apache Airflow and Apache Airflow MySQL Provider	4.0.0
medium	BIT-airflow-2025-66236	Apache Airflow: Secrets from Airflow config file logged in plain text in DAG run logs UI	3.2.0
high	BIT-airflow-2025-54550	Apache Airflow: RCE by race condition in example_xcom dag	3.2.0

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/conda/apache-airflow

First published · 2021-02-16 09:20:57.703000+00:00

Last updated · 2026-04-16 14:01:52.087000+00:00