{"id":"PYSEC-2024-263","details":"Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code by uploading a crafted YML file. Because the flaw is located in unsafe_load, the code execution presumably occurs when the crafted file is parsed, i.e. unsafe YAML deserialization rather than the upload step itself.","aliases":["CVE-2024-28423","PYSEC-2024-270"],"modified":"2026-05-21T15:00:04.974172007Z","published":"2024-03-14T19:15:50.877Z","references":[{"type":"PACKAGE","url":"https://github.com/bayuncao/vul-cve-15"}],"affected":[{"package":{"name":"airflow-diagrams","ecosystem":"PyPI","purl":"pkg:pypi/airflow-diagrams"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"last_affected":"2.1.0"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.1.0","1.0.0","1.0.0rc1","1.0.0rc2","1.0.1","1.0.1rc1","1.1.0","1.1.0rc1","2.0.0","2.0.0rc1","2.1.0","2.1.0rc1"],"ecosystem_specific":{},"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/airflow-diagrams/PYSEC-2024-263.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}