Filter

Versions

2.9.2
3
1.1.0
2
0.5.0
1
0.9.0
1
1.0.0
1
1.11.0
1
1.23.0
1
1.24.0
1
1.27.0
1
2.0.0
1
2.5.0
1
2.8.1
1
2.9.0
1

pip/mlflowExcessive directory permissions in MLflow leads to local privilege escalation when using spark_udf

high
7
First published (updated )
CVE-2024-27134

pip/mlflowLocal File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow

high
7.5
First published (updated )
CVE-2024-2928

pip/mlflowRemote Code Execution due to Full Controlled File Write in mlflow/mlflow

critical
10
First published (updated )
CVE-2024-0520

pip/mlflowDenial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow

medium
5.4
First published (updated )
CVE-2024-3099

pip/mlflowCode Injection, Input Validation

high
8.8
EPSS
0.04%
First published (updated )
CVE-2024-37061

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.…

high
8.8
EPSS
0.04%
First published (updated )
CVE-2024-37060

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0…

high
8.8
EPSS
0.04%
First published (updated )
CVE-2024-37059

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0…

high
8.8
First published (updated )
CVE-2024-37058

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0…

high
8.8
EPSS
0.04%
First published (updated )
CVE-2024-37057

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.…

high
8.8
First published (updated )
CVE-2024-37056

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.…

high
8.8
EPSS
0.04%
First published (updated )
CVE-2024-37055

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0…

high
8.8
EPSS
0.04%
First published (updated )
CVE-2024-37054

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0…

high
8.8
First published (updated )
CVE-2024-37053

pip/mlflowDeserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0…

high
8.8
First published (updated )
CVE-2024-37052

pip/mlflowImproper Access Control in mlflow/mlflow

medium
5.4
EPSS
0.04%
First published (updated )
CVE-2024-4263

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/mlflowPath Traversal Bypass in mlflow/mlflow

high
7.5
EPSS
0.04%
First published (updated )
CVE-2024-3848

pip/mlflowLocal File Read via Path Traversal in mlflow/mlflow

high
7.5
First published (updated )
CVE-2024-1594

pip/mlflowPath Traversal Vulnerability in mlflow/mlflow

high
7.5
First published (updated )
CVE-2024-1483

pip/mlflowPath Traversal via Parameter Smuggling in mlflow/mlflow

high
7.5
First published (updated )
CVE-2024-1593

pip/mlflowPath Traversal Vulnerability in mlflow/mlflow

high
7.5
First published (updated )
CVE-2024-1558

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/mlflowLocal File Inclusion (LFI) via Scheme Confusion in mlflow/mlflow

critical
9.3
EPSS
0.04%
First published (updated )
CVE-2024-3573

pip/mlflowPath Traversal Vulnerability in mlflow/mlflow

high
8.1
First published (updated )
CVE-2024-1560

pip/mlflowInsufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset.

critical
9.7
EPSS
0.04%
First published (updated )
CVE-2024-27133

pip/mlflowInsufficient sanitization in MLflow leads to XSS when running an untrusted recipe.

critical
9.7
EPSS
0.04%
First published (updated )
CVE-2024-27132

pip/mlflowPath Traversal: '\..\filename'

critical
10
EPSS
0.56%
First published (updated )
CVE-2023-6977

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

pip/mlflowUnrestricted Upload of File with Dangerous Type

high
8.8
EPSS
0.05%
First published (updated )
CVE-2023-6976

pip/mlflowPath Traversal: '\..\filename'

critical
10
EPSS
0.12%
First published (updated )
CVE-2023-6975

pip/mlflowServer-Side Request Forgery (SSRF)

critical
9.8
EPSS
0.26%
First published (updated )
CVE-2023-6974

pip/mlflowCommand Injection

critical
9
EPSS
0.13%
First published (updated )
CVE-2023-6940

pip/mlflowPath Traversal: '\..\filename' in mlflow/mlflow

high
7.5
EPSS
0.08%
First published (updated )
CVE-2023-6909

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203