/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CGA-2vh5-pwxw-65q9

Published

Last updated

https://images.chainguard.dev/security/CGA-2vh5-pwxw-65q9
Package

airflow-2

Repository

Chainguard

Latest Update
Pending upstream fix
Aliases
  • CVE-2025-58065
  • GHSA-765j-9r45-w2q2

Severity

Unknown

References

  • https://nvd.nist.gov/vuln/detail/CVE-2025-58065
  • https://github.com/advisories/GHSA-765j-9r45-w2q2

Updates

Status

Pending upstream fix

Impact

We have bumped flask-appbuilder in the main airflow dependency tree. Upstream currently pins one of their providers, fab, to flask-appbuilder to 4.5.3. Any attempts to bump this version results in build failures. We will need to wait for upstream to bump the dependency in order to fix this CVE.

Status

Under investigation

Safe Source for Open Sourceâ„¢
Contact us
© 2025 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal