From 4bbf10467154ee409db0fbaeb3dbc0091a92c325 Mon Sep 17 00:00:00 2001
From: Jarek Potiuk <jarek@potiuk.com>
Date: Sat, 1 Nov 2025 17:54:39 +0100
Subject: [PATCH] Add link to Airflow CVEs in MITRE CVE database.

---
 airflow-core/docs/security/index.rst | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/airflow-core/docs/security/index.rst b/airflow-core/docs/security/index.rst
index b9f79e2ee7063..28c7297425155 100644
--- a/airflow-core/docs/security/index.rst
+++ b/airflow-core/docs/security/index.rst
@@ -26,6 +26,13 @@ the different user types of Apache Airflow®, what they have access to, and the
 Also, if you want to understand how Airflow releases security patches and what to expect from them,
 head over to :doc:`Releasing security patches </security/releasing_security_patches>`.
 
+There are number of services where you can track security issues reported and announced by Airflow same as for
+any of the projects following the standard CVE databases.
+
+One such database is run by the MITRE corporation and you can search
+for `Airflow CVEs <https://www.cve.org/CVERecord/SearchResults?query=apache+airflow>`_
+there, however you might use whatever database you and your organization prefers to track security issues and CVEs.
+
 Follow the below topics as well to understand other aspects of Airflow security:
 
 .. toctree::