pkg:PyPI/mlflow

All known vulnerabilities

• CRITICAL10.0CVE-2025-15379MLflow Command Injection vulnerability
  from 0, < 3.8.1
• CRITICAL10.0CVE-2024-0520Remote code execution in mlflow
  from 0, < 2.9.0
• CRITICAL10.0CVE-2024-0520Remote code execution in mlflow
  from 0, < 400c226953b4568f4361bc0a0c223511652c2b9d, < 400c226953b4568f4361bc0a0c223511652c2b9d | from 0, < 2.9.0
• CRITICAL10.0Path traversal in MLflow
  from 0, < 2.9.2
• CRITICAL10.0Path traversal in MLflow
  from 0, < 1da75dfcecd4d169e34809ade55748384e8af6c1 | from 0, < 2.9.2
• CRITICAL10.0Remote Code Execution due to Full Controled File Write in mlflow
  from 0, < 2.9.2
• CRITICAL10.0MLflow allowed arbitrary files to be PUT onto the server
  from 0, < 2.8.1
• CRITICAL10.0MLflow Path Traversal vulnerability
  from 0, < 2.5.0
• CRITICAL10.0MLflow Path Traversal vulnerability
  from 0, < 6dde93758d42455cb90ef324407919ed67668b9b, < 6dde93758d42455cb90ef324407919ed67668b9b | from 0, < 2.5.0
• CRITICAL10.0Relative path traversal in mlflow
  from 0, < f73147496e05c09a8b83d95fb4f1bf86696c6342 | from 0, < 2.3.1
• CRITICAL10.0Relative path traversal in mlflow
  from 0, < 2.3.1
• CRITICAL9.8MLflow Use of Default Password Authentication Bypass Vulnerability
  from 0, < 3.8.0rc0
• CRITICAL9.8MLFlow Path Traversal Vulnerability
  from 0, < 2.9.2
• CRITICAL9.8MLflow Server-Side Request Forgery (SSRF)
  from 0, < 2.9.2
• CRITICAL9.8mlflow Path Traversal vulnerability
  from 0, < fae77a525dd908c56d6204a4cef1c1c75b4e9857 | from 0, < 2.3.1
• CRITICAL9.8mlflow Path Traversal vulnerability
  from 0, < 2.3.0
• CRITICAL9.8mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
  from 0, < 7162a50c654792c21f3e4a160eb1a0e6a34f6e6e | from 0, < 2.2.1
• CRITICAL9.8mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
  from 0, < 2.2.1
• CRITICAL9.6MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution
  >= 3.9.0, < 3.10.0
• CRITICAL9.6Mlflow: Command Injection when serving models with enable_mlserver=True
  from 0, < 3.9.0
• CRITICAL9.6MLFlow path traversal vulnerability
  from 0, < 3.9.0rc0
• CRITICAL9.6MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
  from 0, < 2.10.0
• CRITICAL9.6Cross-site Scripting in MLFlow
  from 0, < 2.10.0
• CRITICAL9.6MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
  from 0, < 2.10.0
• CRITICAL9.6Cross-site Scripting in MLFlow
  from 0, < 2.10.0
• CRITICAL9.3mlflow vulnerable to Path Traversal
  from 0, < 438a450714a3ca06285eeea34bdc6cf79d7f6cbc, < 438a450714a3ca06285eeea34bdc6cf79d7f6cbc | from 0, < 2.10.0
• CRITICAL9.3mlflow vulnerable to Path Traversal
  from 0, < 2.10.0
• CRITICAL9.1mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization
  from 0, <= 3.10.1
• CRITICAL9.1MLflow authentication requirement bypass can allow a user to arbitrarily create an account
  from 0, < 2.8.0
• HIGH8.8MLFlow unsafe deserialization
  >= 0.5.0, <= 3.4.0
• HIGH8.8MLFlow unsafe deserialization
  >= 2.5.0, <= 2.14.1
• HIGH8.8MLFlow unsafe deserialization
  >= 2.0.0rc0, <= 2.14.1
• HIGH8.8MLFlow improper input validation
  >= 1.11.0, <= 2.13.1
• HIGH8.8MLFlow unsafe deserialization
  >= 1.27.0, <= 2.14.1
• HIGH8.8MLFlow unsafe deserialization
  >= 1.1.0, <= 2.14.1
• HIGH8.8MLFlow unsafe deserialization
  >= 1.1.0, <= 2.14.1
• HIGH8.8MLFlow unsafe deserialization
  >= 0.9.0, <= 2.14.1
• HIGH8.8MLFlow unsafe deserialization
  >= 1.24.0, <= 2.14.1
• HIGH8.8MLFlow unsafe deserialization
  >= 1.23.0, <= 2.14.1
• HIGH8.8MLflow Path Traversal Vulnerability
  from 0, < 2.9.2
• HIGH8.8mlflow Command Injection vulnerability
  from 0, < 2.9.2
• HIGH8.8Path traversal in MLflow
  from 0, < 1c6309f884798fbf56017a3cc808016869ee8de4, < 1c6309f884798fbf56017a3cc808016869ee8de4 | from 0, < 2.9.2
• HIGH8.8Path traversal in MLflow
  from 0, < 2.9.2
• HIGH8.8Jinja2 template injection in mlflow
  from 0, < 432b8ccf27fd3a76df4ba79bb1bec62118a85625 | from 0, < 2.9.2
• HIGH8.8Jinja2 template injection in mlflow
  from 0, < 2.9.2
• HIGH8.8mlflow vulnerable to OS Command Injection
  from 0, < 6dde93758d42455cb90ef324407919ed67668b9b | from 0, < 2.6.0
• HIGH8.8mlflow vulnerable to OS Command Injection
  from 0, < 2.6.0
• HIGH8.6MLflow: unauthenticated access to certain FastAPI routes
  from 0, < 3.11.0
• HIGH8.2Insecure Temporary File in mlflow
  from 0, < 1.23.1
• HIGH8.2Insecure Temporary File in mlflow
  from 0, < 61984e6843d2e59235d82a580c529920cd8f3711 | from 0, < 1.23.1
• HIGH8.1MLFlow allows Tracing + Assessments Access
  from 0, <= 3.8.1
• HIGH8.1Arbitrary file write via tar traversal in mlflow
  from 0, < 3.9.0rc0
• HIGH8.1MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability
  from 0, < 3.8.0rc0
• HIGH8.1MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation
  from 0, < 3.5.0
• HIGH8.1MLflow Weak Password Requirements Authentication Bypass Vulnerability
  from 0, < 2.22.0rc0
• HIGH8.1MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability
  >= 3.0.0rc0, < 3.0.0
• HIGH8.1mlflow vulnerable to Path Traversal
  from 0, <= 2.9.2
• HIGH7.5MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
  from 0, < 3.10.0
• HIGH7.5MLflow has a command injection in mlflow/sagemaker/__init__.py
  from 0, < 3.8.0rc0
• HIGH7.5MLflow has a Local File Read/Path Traversal in dbfs
  from 0, < 2.17.0rc0
• HIGH7.5Local File Inclusion in mlflow
  from 0, < 96f0b573a73d8eedd6735a2ce26e08859527be07, < 96f0b573a73d8eedd6735a2ce26e08859527be07 | from 0, < 2.11.3
• HIGH7.5Local File Inclusion in mlflow
  from 0, < 2.11.3
• HIGH7.5MLflow has a Local File Read/Path Traversal bypass
  from 0, < f8d51e21523238280ebcfdb378612afd7844eca8, < f8d51e21523238280ebcfdb378612afd7844eca8 | from 0, < 2.12.1
• HIGH7.5MLflow has a Local File Read/Path Traversal bypass
  >= 2.9.2, < 2.12.1
• HIGH7.5mlflow vulnerable to Path Traversal
  from 0, <= 2.9.2
• HIGH7.5mlflow vulnerable to Path Traversal
  from 0, < 2.12.1
• HIGH7.5mlflow vulnerable to Path Traversal
  from 0, <= 2.9.2
• HIGH7.5mlflow Path Traversal vulnerability
  from 0, < 2.12.1
• HIGH7.5MLflow Path Traversal Vulnerability
  from 0, < 1da75dfcecd4d169e34809ade55748384e8af6c1 | from 0, < 2.9.2
• HIGH7.5MLflow Local File Disclosure Vulnerability
  from 0, < 2.9.2
• HIGH7.5MLflow Path Traversal Vulnerability
  from 0, < 2.9.2
• HIGH7.5Information exposure in MLflow
  from 0, < 2.9.0
• HIGH7.5mflow vulnerable to directory traversal
  from 0, < 2.0.0rc0
• HIGH7.5mflow vulnerable to directory traversal
  from 0, < 2.0.1
• HIGH7.1MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability
  from 0, < 3.9.0
• HIGH7.0MLFlow Creates a Temporary File With Insecure Permissions
  from 0, < 3.11.0
• HIGH7.0mlflow Creates of Temporary File in Directory with Insecure Permissions
  from 0, < 3.4.0rc0
• HIGH7.0MLflow's excessive directory permissions allow local privilege escalation
  from 0, < 2.16.0
• HIGH7.0MLflow's excessive directory permissions allow local privilege escalation
  from 0, < 2.16.0
• MEDIUM6.5MLflow authenticated users can enumerate any registered model versions due to lack of per-model permissions checks
  from 0, < 3.10.0
• MEDIUM6.5Cross-site Scripting (XSS) in MLflow
  from 0, < 28ff3f94994941e038f2172c6484b65dc4db6ca1 | from 0, < 2.9.1
• MEDIUM6.5Cross-site Scripting (XSS) in MLflow
  from 0, < 2.9.0
• MEDIUM5.9MLflow Uncontrolled Resource Consumption vulnerability
  from 0, <= 2.17.2
• MEDIUM5.8MLFlow SSRF via gateway_proxy_handler
  >= 3.0.0rc0, < 3.1.0
• MEDIUM5.8MLFlow SSRF via gateway_proxy_handler
  from 0, < 39a419b4ec8fd11b59b3e50ab397042a490f2324 | from 0, < 3.1.0
• MEDIUM5.4MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface
  from 0, < 3.11.0rc0
• MEDIUM5.4MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface
  from 0, < 3.11.1
• MEDIUM5.4MLflow Cross-Site Request Forgery (CSRF) vulnerability
  >= 2.17.0, < 2.20.3
• MEDIUM5.4Undefined Behavior in mlflow
  from 0, < 2.11.3
• MEDIUM5.4MLflow allows low privilege users to delete any artifact
  from 0, < 2.10.1
• MEDIUM5.4MLflow allows low privilege users to delete any artifact
  from 0, < b43e0e3de5b500554e13dc032ba2083b2d6c94b8 | from 0, < 2.10.1
• MEDIUM5.3MLflow Uncontrolled Resource Consumption vulnerability
  from 0, <= 2.13.2
• MEDIUM4.3MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
  from 0, <= 3.10.1
• MEDIUM4.3MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint
  from 0, < 3.11.0rc0
• LOW3.8MLflow has Weak Password Requirements
  from 0, < 149c9e18aa219bc47e86b432e130e467a36f4a17 | from 0, < 2.19.0
• LOW3.8MLflow has Weak Password Requirements
  from 0, < 2.19.0
• LOW3.3Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
  from 0, < 63ef72aa4334a6473ce7f889573c92fcae0b3c0d | from 0, < 2.2.2
• LOW3.3Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
  from 0, < 2.2.1
• —MLflow Dataset Digest Computation digest_utils.py mlflow.data.digest_utils weak hash
  from 0, < 3.10.1