Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-46r5-x6jq-v8g6
  • PyPI/mlflow
 MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint 07 Apr
  • No fix available
  • Severity - 5.3 (Medium)
GHSA-fh64-r2vc-xvhr
  • PyPI/mlflow
 MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface 07 Apr
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-7qhf-v65m-g5f3
  • PyPI/mlflow
 mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization 03 Apr
  • No fix available
  • Severity - 9.1 (Critical)
GHSA-rvhj-8chj-8v3c
  • PyPI/mflow
 Mflow: Command Injection when serving models with enable_mlserver=True 31 Mar
  • Fix available
  • Severity - 9.6 (Critical)
GHSA-r23q-823p-vmf7
  • PyPI/mlflow
 MLflow Command Injection vulnerability 30 Mar
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-vhcx-3pq2-4fvc
  • PyPI/mlflow
 MLFlow path traversal vulnerability 30 Mar
  • Fix available
  • Severity - 9.6 (Critical)
GHSA-g6pg-52vf-843h
  • PyPI/mlflow
 MLFlow allows Tracing + Assessments Access 27 Mar
  • No fix available
  • Severity - 8.1 (High)
GHSA-fhff-qmm8-h2fp
  • PyPI/mlflow
 Arbitrary file write via tar traversal in mlflow 19 Mar
  • Fix available
  • Severity - 8.1 (High)
GHSA-xch3-2f9x-wh9f
  • PyPI/mlflow
 MLflow has a command injection in mlflow/sagemaker/__init__.py 16 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-gq3w-7jj3-x7gr
  • PyPI/mlflow
 MLflow Use of Default Password Authentication Bypass Vulnerability 21 Feb
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-q2r8-vmq7-fpx2
  • PyPI/mlflow
 MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability 21 Feb
  • Fix available
  • Severity - 8.1 (High)
GHSA-4x5p-f36r-mxxr
  • PyPI/mlflow
 mlflow Creates of Temporary File in Directory with Insecure Permissions 02 Feb
  • Fix available
  • Severity - 7.0 (High)
GHSA-pgqp-8h46-6x4j
  • PyPI/mlflow
 MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation 12 Jan
  • Fix available
  • Severity - 8.1 (High)
GHSA-5cvj-7rg6-jggj
  • PyPI/mlflow
 MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability 29 Oct 2025
  • Fix available
  • Severity - 8.1 (High)
GHSA-6xj8-rrqx-r4cv
  • PyPI/mlflow
 MLflow Weak Password Requirements Authentication Bypass Vulnerability 29 Oct 2025
  • Fix available
  • Severity - 8.1 (High)
GHSA-wxj7-3fx5-pp9m
  • PyPI/mlflow
 MLFlow SSRF via gateway_proxy_handler 23 Jun 2025
  • Fix available
  • Severity - 5.8 (Medium)
Load more...