Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/mlflow@0.9.0.1
Type pypi
Namespace
Name mlflow
Version 0.9.0.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.11.0rc0
Latest_non_vulnerable_version 3.11.0
Affected_by_vulnerabilities
0
url VCID-36at-75qp-sqay
vulnerability_id VCID-36at-75qp-sqay
summary Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6709
reference_id
reference_type
scores
0
value 0.00262
scoring_system epss
scoring_elements 0.49719
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6709
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/432b8ccf27fd3a76df4ba79bb1bec62118a85625
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-281.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-281.yaml
4
reference_url https://huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/9e4cc07b-6fff-421b-89bd-9445ef61d34d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6709
reference_id CVE-2023-6709
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6709
6
reference_url https://github.com/advisories/GHSA-cxfr-5q3r-2rc2
reference_id GHSA-cxfr-5q3r-2rc2
reference_type
scores
url https://github.com/advisories/GHSA-cxfr-5q3r-2rc2
fixed_packages
0
url pkg:pypi/mlflow@2.9.2
purl pkg:pypi/mlflow@2.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qe9-6ecs-syek
1
vulnerability VCID-6tvx-kzfy-xfhv
2
vulnerability VCID-6x4v-udkg-z3es
3
vulnerability VCID-76zk-ent1-myc9
4
vulnerability VCID-8kf8-a6w5-m3b5
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-gr3d-61ds-j7ej
7
vulnerability VCID-njg8-d2r5-rfax
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qnyj-3qc7-p7bp
10
vulnerability VCID-r2kq-hqdf-6ugh
11
vulnerability VCID-r9df-3b7p-jfcy
12
vulnerability VCID-s2ry-vd94-qfc6
13
vulnerability VCID-utmm-2j11-eyh6
14
vulnerability VCID-xge2-eqq3-7bb9
15
vulnerability VCID-ya6d-ny22-ybdh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.9.2
aliases BIT-mlflow-2023-6709, CVE-2023-6709, GHSA-cxfr-5q3r-2rc2, PYSEC-2023-281
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36at-75qp-sqay
1
url VCID-48xy-zsv8-8ube
vulnerability_id VCID-48xy-zsv8-8ube
summary Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6831
reference_id
reference_type
scores
0
value 0.73982
scoring_system epss
scoring_elements 0.98852
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6831
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-253.yaml
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-253.yaml
4
reference_url https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/0acdd745-0167-4912-9d5c-02035fe5b314
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6831
reference_id CVE-2023-6831
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6831
6
reference_url https://github.com/advisories/GHSA-554w-xh4j-8w64
reference_id GHSA-554w-xh4j-8w64
reference_type
scores
url https://github.com/advisories/GHSA-554w-xh4j-8w64
fixed_packages
0
url pkg:pypi/mlflow@2.9.2
purl pkg:pypi/mlflow@2.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qe9-6ecs-syek
1
vulnerability VCID-6tvx-kzfy-xfhv
2
vulnerability VCID-6x4v-udkg-z3es
3
vulnerability VCID-76zk-ent1-myc9
4
vulnerability VCID-8kf8-a6w5-m3b5
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-gr3d-61ds-j7ej
7
vulnerability VCID-njg8-d2r5-rfax
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qnyj-3qc7-p7bp
10
vulnerability VCID-r2kq-hqdf-6ugh
11
vulnerability VCID-r9df-3b7p-jfcy
12
vulnerability VCID-s2ry-vd94-qfc6
13
vulnerability VCID-utmm-2j11-eyh6
14
vulnerability VCID-xge2-eqq3-7bb9
15
vulnerability VCID-ya6d-ny22-ybdh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.9.2
aliases BIT-mlflow-2023-6831, CVE-2023-6831, GHSA-554w-xh4j-8w64, PYSEC-2023-253
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48xy-zsv8-8ube
2
url VCID-5qe9-6ecs-syek
vulnerability_id VCID-5qe9-6ecs-syek
summary Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27133
reference_id
reference_type
scores
0
value 0.00204
scoring_system epss
scoring_elements 0.42501
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27133
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/c43823750bffa5b6abcc086683b15a068513b67b
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/c43823750bffa5b6abcc086683b15a068513b67b
3
reference_url https://github.com/mlflow/mlflow/commit/cfa71879a884cc3520e23ccab998c9aa78fdf2b1
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/cfa71879a884cc3520e23ccab998c9aa78fdf2b1
4
reference_url https://github.com/mlflow/mlflow/pull/10893
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:45:19Z/
url https://github.com/mlflow/mlflow/pull/10893
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-241.yaml
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-241.yaml
6
reference_url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932
7
reference_url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-27T15:45:19Z/
url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27133
reference_id CVE-2024-27133
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27133
9
reference_url https://github.com/advisories/GHSA-3v79-q7ph-j75h
reference_id GHSA-3v79-q7ph-j75h
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3v79-q7ph-j75h
fixed_packages
0
url pkg:pypi/mlflow@2.10.0
purl pkg:pypi/mlflow@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-njg8-d2r5-rfax
2
vulnerability VCID-pugd-v7em-sbec
3
vulnerability VCID-qnyj-3qc7-p7bp
4
vulnerability VCID-r2kq-hqdf-6ugh
5
vulnerability VCID-r9df-3b7p-jfcy
6
vulnerability VCID-utmm-2j11-eyh6
7
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.10.0
aliases BIT-mlflow-2024-27133, CVE-2024-27133, GHSA-3v79-q7ph-j75h, PYSEC-2024-241
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qe9-6ecs-syek
3
url VCID-6x4v-udkg-z3es
vulnerability_id VCID-6x4v-udkg-z3es
summary Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27132
reference_id
reference_type
scores
0
value 0.00243
scoring_system epss
scoring_elements 0.47668
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27132
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/pull/10873
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-14T15:25:41Z/
url https://github.com/mlflow/mlflow/pull/10873
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-240.yaml
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-240.yaml
4
reference_url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930
5
reference_url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-08-14T15:25:41Z/
url https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27132
reference_id CVE-2024-27132
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27132
7
reference_url https://github.com/advisories/GHSA-6749-m5cp-6cg7
reference_id GHSA-6749-m5cp-6cg7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6749-m5cp-6cg7
fixed_packages
0
url pkg:pypi/mlflow@2.10.0
purl pkg:pypi/mlflow@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-njg8-d2r5-rfax
2
vulnerability VCID-pugd-v7em-sbec
3
vulnerability VCID-qnyj-3qc7-p7bp
4
vulnerability VCID-r2kq-hqdf-6ugh
5
vulnerability VCID-r9df-3b7p-jfcy
6
vulnerability VCID-utmm-2j11-eyh6
7
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.10.0
aliases BIT-mlflow-2024-27132, CVE-2024-27132, GHSA-6749-m5cp-6cg7, PYSEC-2024-240
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6x4v-udkg-z3es
4
url VCID-7nhh-ryem-1qct
vulnerability_id VCID-7nhh-ryem-1qct
summary Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3765
reference_id
reference_type
scores
0
value 0.91453
scoring_system epss
scoring_elements 0.99679
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3765
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-308.yaml
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-308.yaml
4
reference_url https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/4be5fd63-8a0a-490d-9ee1-f33dc768ed76
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-3765
reference_id CVE-2023-3765
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-3765
6
reference_url https://github.com/advisories/GHSA-fmxj-6h9g-6vw3
reference_id GHSA-fmxj-6h9g-6vw3
reference_type
scores
url https://github.com/advisories/GHSA-fmxj-6h9g-6vw3
fixed_packages
0
url pkg:pypi/mlflow@2.5.0
purl pkg:pypi/mlflow@2.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-96st-1wwr-4ken
5
vulnerability VCID-9ytn-66pw-kkc3
6
vulnerability VCID-a9rm-cwyd-u3eh
7
vulnerability VCID-gr3d-61ds-j7ej
8
vulnerability VCID-k4t6-vtwa-zyad
9
vulnerability VCID-maaz-3ur8-s3eg
10
vulnerability VCID-njg8-d2r5-rfax
11
vulnerability VCID-pugd-v7em-sbec
12
vulnerability VCID-qb49-yrtm-mfhm
13
vulnerability VCID-qnyj-3qc7-p7bp
14
vulnerability VCID-r2kq-hqdf-6ugh
15
vulnerability VCID-r9df-3b7p-jfcy
16
vulnerability VCID-rcw6-b3d2-8kgw
17
vulnerability VCID-utmm-2j11-eyh6
18
vulnerability VCID-xge2-eqq3-7bb9
19
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.5.0
aliases BIT-mlflow-2023-3765, CVE-2023-3765, GHSA-fmxj-6h9g-6vw3, PYSEC-2023-308
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7nhh-ryem-1qct
5
url VCID-96st-1wwr-4ken
vulnerability_id VCID-96st-1wwr-4ken
summary In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1474
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28075
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1474
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:48:58Z/
url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-17.yaml
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-17.yaml
4
reference_url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:48:58Z/
url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1474
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1474
fixed_packages
0
url pkg:pypi/mlflow@2.19.0
purl pkg:pypi/mlflow@2.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
1
vulnerability VCID-qnyj-3qc7-p7bp
2
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.19.0
aliases BIT-mlflow-2025-1474, CVE-2025-1474, GHSA-4rj2-9gcx-5qhx, PYSEC-2025-17
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96st-1wwr-4ken
6
url VCID-9m1q-bfpj-1ugq
vulnerability_id VCID-9m1q-bfpj-1ugq
summary Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2780
reference_id
reference_type
scores
0
value 0.85985
scoring_system epss
scoring_elements 0.99405
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2780
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/fae77a525dd908c56d6204a4cef1c1c75b4e9857
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-69.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-69.yaml
4
reference_url https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/b12b0073-0bb0-4bd1-8fc2-ec7f17fd7689
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2780
reference_id CVE-2023-2780
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2780
6
reference_url https://github.com/advisories/GHSA-wjq3-7jxx-whj9
reference_id GHSA-wjq3-7jxx-whj9
reference_type
scores
url https://github.com/advisories/GHSA-wjq3-7jxx-whj9
fixed_packages
0
url pkg:pypi/mlflow@2.3.0
purl pkg:pypi/mlflow@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-gr3d-61ds-j7ej
10
vulnerability VCID-k4t6-vtwa-zyad
11
vulnerability VCID-njg8-d2r5-rfax
12
vulnerability VCID-pugd-v7em-sbec
13
vulnerability VCID-qb49-yrtm-mfhm
14
vulnerability VCID-qnyj-3qc7-p7bp
15
vulnerability VCID-r2kq-hqdf-6ugh
16
vulnerability VCID-r9df-3b7p-jfcy
17
vulnerability VCID-rcw6-b3d2-8kgw
18
vulnerability VCID-utmm-2j11-eyh6
19
vulnerability VCID-xge2-eqq3-7bb9
20
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.3.0
1
url pkg:pypi/mlflow@2.3.1
purl pkg:pypi/mlflow@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-a9rm-cwyd-u3eh
7
vulnerability VCID-gr3d-61ds-j7ej
8
vulnerability VCID-k4t6-vtwa-zyad
9
vulnerability VCID-njg8-d2r5-rfax
10
vulnerability VCID-pugd-v7em-sbec
11
vulnerability VCID-qb49-yrtm-mfhm
12
vulnerability VCID-qnyj-3qc7-p7bp
13
vulnerability VCID-r2kq-hqdf-6ugh
14
vulnerability VCID-r9df-3b7p-jfcy
15
vulnerability VCID-rcw6-b3d2-8kgw
16
vulnerability VCID-utmm-2j11-eyh6
17
vulnerability VCID-xge2-eqq3-7bb9
18
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.3.1
aliases BIT-mlflow-2023-2780, CVE-2023-2780, GHSA-wjq3-7jxx-whj9, PYSEC-2023-69
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9m1q-bfpj-1ugq
7
url VCID-a9rm-cwyd-u3eh
vulnerability_id VCID-a9rm-cwyd-u3eh
summary A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6568
reference_id
reference_type
scores
0
value 0.33351
scoring_system epss
scoring_elements 0.97
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6568
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/28ff3f94994941e038f2172c6484b65dc4db6ca1
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-260.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-260.yaml
4
reference_url https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/816bdaaa-8153-4732-951e-b0d92fddf709
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6568
reference_id CVE-2023-6568
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6568
6
reference_url https://github.com/advisories/GHSA-vwhf-3v6x-wff8
reference_id GHSA-vwhf-3v6x-wff8
reference_type
scores
url https://github.com/advisories/GHSA-vwhf-3v6x-wff8
fixed_packages
0
url pkg:pypi/mlflow@2.9.0
purl pkg:pypi/mlflow@2.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-96st-1wwr-4ken
5
vulnerability VCID-a9rm-cwyd-u3eh
6
vulnerability VCID-gr3d-61ds-j7ej
7
vulnerability VCID-njg8-d2r5-rfax
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qb49-yrtm-mfhm
10
vulnerability VCID-qnyj-3qc7-p7bp
11
vulnerability VCID-r2kq-hqdf-6ugh
12
vulnerability VCID-r9df-3b7p-jfcy
13
vulnerability VCID-utmm-2j11-eyh6
14
vulnerability VCID-xge2-eqq3-7bb9
15
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.9.0
1
url pkg:pypi/mlflow@2.9.1
purl pkg:pypi/mlflow@2.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-96st-1wwr-4ken
5
vulnerability VCID-gr3d-61ds-j7ej
6
vulnerability VCID-njg8-d2r5-rfax
7
vulnerability VCID-pugd-v7em-sbec
8
vulnerability VCID-qb49-yrtm-mfhm
9
vulnerability VCID-qnyj-3qc7-p7bp
10
vulnerability VCID-r2kq-hqdf-6ugh
11
vulnerability VCID-r9df-3b7p-jfcy
12
vulnerability VCID-utmm-2j11-eyh6
13
vulnerability VCID-xge2-eqq3-7bb9
14
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.9.1
aliases BIT-mlflow-2023-6568, CVE-2023-6568, GHSA-vwhf-3v6x-wff8, PYSEC-2023-260
risk_score 2.8
exploitability 0.5
weighted_severity 5.5
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9rm-cwyd-u3eh
8
url VCID-bwzm-djs7-u3c7
vulnerability_id VCID-bwzm-djs7-u3c7
summary Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-0736
reference_id
reference_type
scores
0
value 0.00627
scoring_system epss
scoring_elements 0.70556
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-0736
1
reference_url https://github.com/advisories/GHSA-vqj2-4v8m-8vrq
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-vqj2-4v8m-8vrq
2
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
3
reference_url https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/61984e6843d2e59235d82a580c529920cd8f3711
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2022-28.yaml
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2022-28.yaml
5
reference_url https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/e5384764-c583-4dec-a1d8-4697f4e12f75
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0736
reference_id CVE-2022-0736
reference_type
scores
0
value 8.2
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value 8.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-0736
fixed_packages
0
url pkg:pypi/mlflow@1.23.1
purl pkg:pypi/mlflow@1.23.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-g1r4-zv18-t7ga
10
vulnerability VCID-gr3d-61ds-j7ej
11
vulnerability VCID-k4t6-vtwa-zyad
12
vulnerability VCID-njg8-d2r5-rfax
13
vulnerability VCID-pugd-v7em-sbec
14
vulnerability VCID-qb49-yrtm-mfhm
15
vulnerability VCID-qc2c-rj8n-6uam
16
vulnerability VCID-qnyj-3qc7-p7bp
17
vulnerability VCID-r2kq-hqdf-6ugh
18
vulnerability VCID-r9df-3b7p-jfcy
19
vulnerability VCID-rcw6-b3d2-8kgw
20
vulnerability VCID-utmm-2j11-eyh6
21
vulnerability VCID-uu5n-hmfm-ukda
22
vulnerability VCID-xge2-eqq3-7bb9
23
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@1.23.1
aliases BIT-mlflow-2022-0736, CVE-2022-0736, GHSA-vqj2-4v8m-8vrq, PYSEC-2022-28
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bwzm-djs7-u3c7
9
url VCID-e3fn-uw8r-57fa
vulnerability_id VCID-e3fn-uw8r-57fa
summary Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-2356
reference_id
reference_type
scores
0
value 0.90076
scoring_system epss
scoring_elements 0.99602
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-2356
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/f73147496e05c09a8b83d95fb4f1bf86696c6342
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-68.yaml
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-68.yaml
4
reference_url https://huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/7b5d130d-38eb-4133-8c7d-0dfc9a9d9896
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-2356
reference_id CVE-2023-2356
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
1
value 7.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:L
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-2356
6
reference_url https://github.com/advisories/GHSA-x422-6qhv-p29g
reference_id GHSA-x422-6qhv-p29g
reference_type
scores
url https://github.com/advisories/GHSA-x422-6qhv-p29g
fixed_packages
0
url pkg:pypi/mlflow@2.3.1
purl pkg:pypi/mlflow@2.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-a9rm-cwyd-u3eh
7
vulnerability VCID-gr3d-61ds-j7ej
8
vulnerability VCID-k4t6-vtwa-zyad
9
vulnerability VCID-njg8-d2r5-rfax
10
vulnerability VCID-pugd-v7em-sbec
11
vulnerability VCID-qb49-yrtm-mfhm
12
vulnerability VCID-qnyj-3qc7-p7bp
13
vulnerability VCID-r2kq-hqdf-6ugh
14
vulnerability VCID-r9df-3b7p-jfcy
15
vulnerability VCID-rcw6-b3d2-8kgw
16
vulnerability VCID-utmm-2j11-eyh6
17
vulnerability VCID-xge2-eqq3-7bb9
18
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.3.1
aliases BIT-mlflow-2023-2356, CVE-2023-2356, GHSA-x422-6qhv-p29g, PYSEC-2023-68
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3fn-uw8r-57fa
10
url VCID-g1r4-zv18-t7ga
vulnerability_id VCID-g1r4-zv18-t7ga
summary Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1176
reference_id
reference_type
scores
0
value 0.00157
scoring_system epss
scoring_elements 0.36261
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1176
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/63ef72aa4334a6473ce7f889573c92fcae0b3c0d
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-28.yaml
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-28.yaml
4
reference_url https://huntr.dev/bounties/ae92f814-6a08-435c-8445-eec0ef4f1085
reference_id
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/ae92f814-6a08-435c-8445-eec0ef4f1085
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1176
reference_id CVE-2023-1176
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1176
6
reference_url https://github.com/advisories/GHSA-wp72-7hj9-5265
reference_id GHSA-wp72-7hj9-5265
reference_type
scores
url https://github.com/advisories/GHSA-wp72-7hj9-5265
7
reference_url https://github.com/mlflow/mlflow/security/advisories/GHSA-wp72-7hj9-5265
reference_id GHSA-wp72-7hj9-5265
reference_type
scores
0
value 3.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/security/advisories/GHSA-wp72-7hj9-5265
fixed_packages
0
url pkg:pypi/mlflow@2.2.1
purl pkg:pypi/mlflow@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-g1r4-zv18-t7ga
10
vulnerability VCID-gr3d-61ds-j7ej
11
vulnerability VCID-k4t6-vtwa-zyad
12
vulnerability VCID-njg8-d2r5-rfax
13
vulnerability VCID-pugd-v7em-sbec
14
vulnerability VCID-qb49-yrtm-mfhm
15
vulnerability VCID-qnyj-3qc7-p7bp
16
vulnerability VCID-r2kq-hqdf-6ugh
17
vulnerability VCID-r9df-3b7p-jfcy
18
vulnerability VCID-rcw6-b3d2-8kgw
19
vulnerability VCID-utmm-2j11-eyh6
20
vulnerability VCID-xge2-eqq3-7bb9
21
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.2.1
1
url pkg:pypi/mlflow@2.2.2
purl pkg:pypi/mlflow@2.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-gr3d-61ds-j7ej
10
vulnerability VCID-k4t6-vtwa-zyad
11
vulnerability VCID-njg8-d2r5-rfax
12
vulnerability VCID-pugd-v7em-sbec
13
vulnerability VCID-qb49-yrtm-mfhm
14
vulnerability VCID-qnyj-3qc7-p7bp
15
vulnerability VCID-r2kq-hqdf-6ugh
16
vulnerability VCID-r9df-3b7p-jfcy
17
vulnerability VCID-rcw6-b3d2-8kgw
18
vulnerability VCID-utmm-2j11-eyh6
19
vulnerability VCID-xge2-eqq3-7bb9
20
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.2.2
aliases BIT-mlflow-2023-1176, CVE-2023-1176, GHSA-wp72-7hj9-5265, PYSEC-2023-28
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g1r4-zv18-t7ga
11
url VCID-gr3d-61ds-j7ej
vulnerability_id VCID-gr3d-61ds-j7ej
summary mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3573
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41831
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3573
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
2
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:40:10Z/
url https://github.com/mlflow/mlflow/commit/438a450714a3ca06285eeea34bdc6cf79d7f6cbc
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-243.yaml
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-243.yaml
4
reference_url https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c
reference_id
reference_type
scores
0
value 9.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
2
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-17T19:40:10Z/
url https://huntr.com/bounties/8ea058a7-4ef8-4baf-9198-bc0147fc543c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3573
reference_id CVE-2024-3573
reference_type
scores
0
value 9.3
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3573
6
reference_url https://github.com/advisories/GHSA-hq88-wg7q-gp4g
reference_id GHSA-hq88-wg7q-gp4g
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hq88-wg7q-gp4g
fixed_packages
0
url pkg:pypi/mlflow@2.10.0
purl pkg:pypi/mlflow@2.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-njg8-d2r5-rfax
2
vulnerability VCID-pugd-v7em-sbec
3
vulnerability VCID-qnyj-3qc7-p7bp
4
vulnerability VCID-r2kq-hqdf-6ugh
5
vulnerability VCID-r9df-3b7p-jfcy
6
vulnerability VCID-utmm-2j11-eyh6
7
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.10.0
aliases BIT-mlflow-2024-3573, CVE-2024-3573, GHSA-hq88-wg7q-gp4g, PYSEC-2024-243
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gr3d-61ds-j7ej
12
url VCID-k4t6-vtwa-zyad
vulnerability_id VCID-k4t6-vtwa-zyad
summary OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-4033
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39616
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-4033
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/6dde93758d42455cb90ef324407919ed67668b9b
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-280.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-280.yaml
4
reference_url https://huntr.dev/bounties/5312d6f8-67a5-4607-bd47-5e19966fa321
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/5312d6f8-67a5-4607-bd47-5e19966fa321
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4033
reference_id CVE-2023-4033
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-4033
6
reference_url https://github.com/advisories/GHSA-ffw3-6378-cqgp
reference_id GHSA-ffw3-6378-cqgp
reference_type
scores
url https://github.com/advisories/GHSA-ffw3-6378-cqgp
fixed_packages
0
url pkg:pypi/mlflow@2.6.0
purl pkg:pypi/mlflow@2.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-96st-1wwr-4ken
5
vulnerability VCID-a9rm-cwyd-u3eh
6
vulnerability VCID-gr3d-61ds-j7ej
7
vulnerability VCID-njg8-d2r5-rfax
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qb49-yrtm-mfhm
10
vulnerability VCID-qnyj-3qc7-p7bp
11
vulnerability VCID-r2kq-hqdf-6ugh
12
vulnerability VCID-r9df-3b7p-jfcy
13
vulnerability VCID-rcw6-b3d2-8kgw
14
vulnerability VCID-utmm-2j11-eyh6
15
vulnerability VCID-xge2-eqq3-7bb9
16
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.6.0
aliases BIT-mlflow-2023-4033, CVE-2023-4033, GHSA-ffw3-6378-cqgp, PYSEC-2023-280
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k4t6-vtwa-zyad
13
url VCID-njg8-d2r5-rfax
vulnerability_id VCID-njg8-d2r5-rfax
summary A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4263
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19451
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4263
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/b43e0e3de5b500554e13dc032ba2083b2d6c94b8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T15:35:23Z/
url https://github.com/mlflow/mlflow/commit/b43e0e3de5b500554e13dc032ba2083b2d6c94b8
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-51.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-51.yaml
4
reference_url https://huntr.com/bounties/bfa116d3-2af8-4c4a-ac34-ccde7491ae11
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-24T15:35:23Z/
url https://huntr.com/bounties/bfa116d3-2af8-4c4a-ac34-ccde7491ae11
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4263
reference_id CVE-2024-4263
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-4263
6
reference_url https://github.com/advisories/GHSA-p4jx-q62p-x5jr
reference_id GHSA-p4jx-q62p-x5jr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4jx-q62p-x5jr
fixed_packages
0
url pkg:pypi/mlflow@2.10.1
purl pkg:pypi/mlflow@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-r2kq-hqdf-6ugh
4
vulnerability VCID-r9df-3b7p-jfcy
5
vulnerability VCID-utmm-2j11-eyh6
6
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.10.1
aliases BIT-mlflow-2024-4263, CVE-2024-4263, GHSA-p4jx-q62p-x5jr, PYSEC-2024-51
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njg8-d2r5-rfax
14
url VCID-pugd-v7em-sbec
vulnerability_id VCID-pugd-v7em-sbec
summary
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. 

This issue affects MLflow versions through 3.10.1.
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:13:51Z/
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33865
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0132
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33865
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:13:51Z/
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
6
reference_url https://github.com/mlflow/mlflow/pull/21435
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:13:51Z/
url https://github.com/mlflow/mlflow/pull/21435
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
fixed_packages
0
url pkg:pypi/mlflow@3.11.1
purl pkg:pypi/mlflow@3.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.1
1
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases BIT-mlflow-2026-33865, CVE-2026-33865, GHSA-fh64-r2vc-xvhr, PYSEC-2026-93
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pugd-v7em-sbec
15
url VCID-qb49-yrtm-mfhm
vulnerability_id VCID-qb49-yrtm-mfhm
summary Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6753
reference_id
reference_type
scores
0
value 0.02418
scoring_system epss
scoring_elements 0.85373
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6753
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/1c6309f884798fbf56017a3cc808016869ee8de4
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-309.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-309.yaml
4
reference_url https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/b397b83a-527a-47e7-b912-a12a17a6cfb4
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6753
reference_id CVE-2023-6753
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6753
6
reference_url https://github.com/advisories/GHSA-v945-r3rc-6fjm
reference_id GHSA-v945-r3rc-6fjm
reference_type
scores
url https://github.com/advisories/GHSA-v945-r3rc-6fjm
fixed_packages
0
url pkg:pypi/mlflow@2.9.2
purl pkg:pypi/mlflow@2.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qe9-6ecs-syek
1
vulnerability VCID-6tvx-kzfy-xfhv
2
vulnerability VCID-6x4v-udkg-z3es
3
vulnerability VCID-76zk-ent1-myc9
4
vulnerability VCID-8kf8-a6w5-m3b5
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-gr3d-61ds-j7ej
7
vulnerability VCID-njg8-d2r5-rfax
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qnyj-3qc7-p7bp
10
vulnerability VCID-r2kq-hqdf-6ugh
11
vulnerability VCID-r9df-3b7p-jfcy
12
vulnerability VCID-s2ry-vd94-qfc6
13
vulnerability VCID-utmm-2j11-eyh6
14
vulnerability VCID-xge2-eqq3-7bb9
15
vulnerability VCID-ya6d-ny22-ybdh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.9.2
aliases BIT-mlflow-2023-6753, CVE-2023-6753, GHSA-v945-r3rc-6fjm, PYSEC-2023-309
risk_score 4.0
exploitability 0.5
weighted_severity 7.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qb49-yrtm-mfhm
16
url VCID-qc2c-rj8n-6uam
vulnerability_id VCID-qc2c-rj8n-6uam
summary A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-30172
reference_id
reference_type
scores
0
value 0.00452
scoring_system epss
scoring_elements 0.64013
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-30172
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/ac4b697bb0bb8a331944dca63f4235b4bf602ab8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/ac4b697bb0bb8a331944dca63f4235b4bf602ab8
3
reference_url https://github.com/mlflow/mlflow/commits/v2.0.0?after=00c3b0a350a28c25b16fbb7feddb8147a919ce18+69&branch=v2.0.0&qualified_name=refs%2Ftags%2Fv2.0.0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commits/v2.0.0?after=00c3b0a350a28c25b16fbb7feddb8147a919ce18+69&branch=v2.0.0&qualified_name=refs%2Ftags%2Fv2.0.0
4
reference_url https://github.com/mlflow/mlflow/issues/7166
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:51:22Z/
url https://github.com/mlflow/mlflow/issues/7166
5
reference_url https://github.com/mlflow/mlflow/issues/7166#issuecomment-1541543234
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-27T16:51:22Z/
url https://github.com/mlflow/mlflow/issues/7166#issuecomment-1541543234
6
reference_url https://github.com/mlflow/mlflow/pull/7170
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/7170
7
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-70.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-70.yaml
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-30172
reference_id CVE-2023-30172
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-30172
9
reference_url https://github.com/advisories/GHSA-wc6j-5g83-xfm6
reference_id GHSA-wc6j-5g83-xfm6
reference_type
scores
url https://github.com/advisories/GHSA-wc6j-5g83-xfm6
fixed_packages
0
url pkg:pypi/mlflow@2.0.0rc0
purl pkg:pypi/mlflow@2.0.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-g1r4-zv18-t7ga
10
vulnerability VCID-gr3d-61ds-j7ej
11
vulnerability VCID-k4t6-vtwa-zyad
12
vulnerability VCID-njg8-d2r5-rfax
13
vulnerability VCID-pugd-v7em-sbec
14
vulnerability VCID-qb49-yrtm-mfhm
15
vulnerability VCID-qc2c-rj8n-6uam
16
vulnerability VCID-qnyj-3qc7-p7bp
17
vulnerability VCID-r2kq-hqdf-6ugh
18
vulnerability VCID-r9df-3b7p-jfcy
19
vulnerability VCID-rcw6-b3d2-8kgw
20
vulnerability VCID-utmm-2j11-eyh6
21
vulnerability VCID-uu5n-hmfm-ukda
22
vulnerability VCID-vc1v-v5mg-wufa
23
vulnerability VCID-xge2-eqq3-7bb9
24
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.0.0rc0
1
url pkg:pypi/mlflow@2.0.0
purl pkg:pypi/mlflow@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-g1r4-zv18-t7ga
10
vulnerability VCID-gr3d-61ds-j7ej
11
vulnerability VCID-k4t6-vtwa-zyad
12
vulnerability VCID-njg8-d2r5-rfax
13
vulnerability VCID-pugd-v7em-sbec
14
vulnerability VCID-qb49-yrtm-mfhm
15
vulnerability VCID-qc2c-rj8n-6uam
16
vulnerability VCID-qnyj-3qc7-p7bp
17
vulnerability VCID-r2kq-hqdf-6ugh
18
vulnerability VCID-r9df-3b7p-jfcy
19
vulnerability VCID-rcw6-b3d2-8kgw
20
vulnerability VCID-utmm-2j11-eyh6
21
vulnerability VCID-uu5n-hmfm-ukda
22
vulnerability VCID-xge2-eqq3-7bb9
23
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.0.0
2
url pkg:pypi/mlflow@2.0.1
purl pkg:pypi/mlflow@2.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-g1r4-zv18-t7ga
10
vulnerability VCID-gr3d-61ds-j7ej
11
vulnerability VCID-k4t6-vtwa-zyad
12
vulnerability VCID-njg8-d2r5-rfax
13
vulnerability VCID-pugd-v7em-sbec
14
vulnerability VCID-qb49-yrtm-mfhm
15
vulnerability VCID-qnyj-3qc7-p7bp
16
vulnerability VCID-r2kq-hqdf-6ugh
17
vulnerability VCID-r9df-3b7p-jfcy
18
vulnerability VCID-rcw6-b3d2-8kgw
19
vulnerability VCID-utmm-2j11-eyh6
20
vulnerability VCID-uu5n-hmfm-ukda
21
vulnerability VCID-xge2-eqq3-7bb9
22
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.0.1
aliases BIT-mlflow-2023-30172, CVE-2023-30172, GHSA-wc6j-5g83-xfm6, PYSEC-2023-70
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qc2c-rj8n-6uam
17
url VCID-qnyj-3qc7-p7bp
vulnerability_id VCID-qnyj-3qc7-p7bp
summary MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access-control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow versions through 3.10.1.
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:12:33Z/
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33866
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01037
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33866
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:12:33Z/
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
6
reference_url https://github.com/mlflow/mlflow/pull/21708
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:12:33Z/
url https://github.com/mlflow/mlflow/pull/21708
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases BIT-mlflow-2026-33866, CVE-2026-33866, GHSA-46r5-x6jq-v8g6, PYSEC-2026-94
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnyj-3qc7-p7bp
18
url VCID-r2kq-hqdf-6ugh
vulnerability_id VCID-r2kq-hqdf-6ugh
summary A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3848
reference_id
reference_type
scores
0
value 0.77074
scoring_system epss
scoring_elements 0.98989
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3848
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/f8d51e21523238280ebcfdb378612afd7844eca8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T13:51:45Z/
url https://github.com/mlflow/mlflow/commit/f8d51e21523238280ebcfdb378612afd7844eca8
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-244.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-244.yaml
4
reference_url https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-16T13:51:45Z/
url https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3848
reference_id CVE-2024-3848
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-3848
6
reference_url https://github.com/advisories/GHSA-rfqq-wq6w-72jm
reference_id GHSA-rfqq-wq6w-72jm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfqq-wq6w-72jm
fixed_packages
0
url pkg:pypi/mlflow@2.12.1
purl pkg:pypi/mlflow@2.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-r9df-3b7p-jfcy
4
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.12.1
aliases BIT-mlflow-2024-3848, CVE-2024-3848, GHSA-rfqq-wq6w-72jm, PYSEC-2024-244
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2kq-hqdf-6ugh
19
url VCID-r9df-3b7p-jfcy
vulnerability_id VCID-r9df-3b7p-jfcy
summary Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27134
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09252
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27134
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/0b1d995d66a678153e01ed3040f3f4dfc16a0d6b
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/0b1d995d66a678153e01ed3040f3f4dfc16a0d6b
3
reference_url https://github.com/mlflow/mlflow/pull/10874
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
3
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-25T14:23:17Z/
url https://github.com/mlflow/mlflow/pull/10874
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27134
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27134
fixed_packages
0
url pkg:pypi/mlflow@2.16.0
purl pkg:pypi/mlflow@2.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.16.0
aliases BIT-mlflow-2024-27134, CVE-2024-27134, GHSA-qpgc-w4mg-6v92, PYSEC-2024-224
risk_score 3.1
exploitability 0.5
weighted_severity 6.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9df-3b7p-jfcy
20
url VCID-rcw6-b3d2-8kgw
vulnerability_id VCID-rcw6-b3d2-8kgw
summary A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-0520
reference_id
reference_type
scores
0
value 0.04877
scoring_system epss
scoring_elements 0.89729
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-0520
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T20:17:45Z/
url https://github.com/mlflow/mlflow/commit/400c226953b4568f4361bc0a0c223511652c2b9d
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-239.yaml
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-239.yaml
4
reference_url https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-06T20:17:45Z/
url https://huntr.com/bounties/93e470d7-b6f0-409b-af63-49d3e2a26dbc
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-0520
reference_id CVE-2024-0520
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-0520
6
reference_url https://github.com/advisories/GHSA-5q6c-ffvg-xcm9
reference_id GHSA-5q6c-ffvg-xcm9
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5q6c-ffvg-xcm9
fixed_packages
0
url pkg:pypi/mlflow@2.9.0
purl pkg:pypi/mlflow@2.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-96st-1wwr-4ken
5
vulnerability VCID-a9rm-cwyd-u3eh
6
vulnerability VCID-gr3d-61ds-j7ej
7
vulnerability VCID-njg8-d2r5-rfax
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qb49-yrtm-mfhm
10
vulnerability VCID-qnyj-3qc7-p7bp
11
vulnerability VCID-r2kq-hqdf-6ugh
12
vulnerability VCID-r9df-3b7p-jfcy
13
vulnerability VCID-utmm-2j11-eyh6
14
vulnerability VCID-xge2-eqq3-7bb9
15
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.9.0
aliases BIT-mlflow-2024-0520, CVE-2024-0520, GHSA-5q6c-ffvg-xcm9, PYSEC-2024-239
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcw6-b3d2-8kgw
21
url VCID-utmm-2j11-eyh6
vulnerability_id VCID-utmm-2j11-eyh6
summary A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2928
reference_id
reference_type
scores
0
value 0.9165
scoring_system epss
scoring_elements 0.99691
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2928
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/96f0b573a73d8eedd6735a2ce26e08859527be07
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-06T19:39:18Z/
url https://github.com/mlflow/mlflow/commit/96f0b573a73d8eedd6735a2ce26e08859527be07
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-242.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-242.yaml
4
reference_url https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-06T19:39:18Z/
url https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2928
reference_id CVE-2024-2928
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-2928
6
reference_url https://github.com/advisories/GHSA-j46q-5pxx-8vmw
reference_id GHSA-j46q-5pxx-8vmw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j46q-5pxx-8vmw
fixed_packages
0
url pkg:pypi/mlflow@2.11.3
purl pkg:pypi/mlflow@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-r2kq-hqdf-6ugh
4
vulnerability VCID-r9df-3b7p-jfcy
5
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.11.3
aliases BIT-mlflow-2024-2928, CVE-2024-2928, GHSA-j46q-5pxx-8vmw, PYSEC-2024-242
risk_score 10.0
exploitability 2.0
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utmm-2j11-eyh6
22
url VCID-uu5n-hmfm-ukda
vulnerability_id VCID-uu5n-hmfm-ukda
summary Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-1177
reference_id
reference_type
scores
0
value 0.93314
scoring_system epss
scoring_elements 0.99818
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-1177
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
3
reference_url https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/7891/commits/7162a50c654792c21f3e4a160eb1a0e6a34f6e6e
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-29.yaml
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-29.yaml
5
reference_url https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://huntr.dev/bounties/1fe8f21a-c438-4cba-9add-e8a5dab94e28
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-1177
reference_id CVE-2023-1177
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-1177
7
reference_url https://github.com/advisories/GHSA-xg73-94fp-g449
reference_id GHSA-xg73-94fp-g449
reference_type
scores
url https://github.com/advisories/GHSA-xg73-94fp-g449
8
reference_url https://github.com/mlflow/mlflow/security/advisories/GHSA-xg73-94fp-g449
reference_id GHSA-xg73-94fp-g449
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/security/advisories/GHSA-xg73-94fp-g449
fixed_packages
0
url pkg:pypi/mlflow@2.2.1
purl pkg:pypi/mlflow@2.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-36at-75qp-sqay
1
vulnerability VCID-48xy-zsv8-8ube
2
vulnerability VCID-5qe9-6ecs-syek
3
vulnerability VCID-6x4v-udkg-z3es
4
vulnerability VCID-7nhh-ryem-1qct
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-9m1q-bfpj-1ugq
7
vulnerability VCID-a9rm-cwyd-u3eh
8
vulnerability VCID-e3fn-uw8r-57fa
9
vulnerability VCID-g1r4-zv18-t7ga
10
vulnerability VCID-gr3d-61ds-j7ej
11
vulnerability VCID-k4t6-vtwa-zyad
12
vulnerability VCID-njg8-d2r5-rfax
13
vulnerability VCID-pugd-v7em-sbec
14
vulnerability VCID-qb49-yrtm-mfhm
15
vulnerability VCID-qnyj-3qc7-p7bp
16
vulnerability VCID-r2kq-hqdf-6ugh
17
vulnerability VCID-r9df-3b7p-jfcy
18
vulnerability VCID-rcw6-b3d2-8kgw
19
vulnerability VCID-utmm-2j11-eyh6
20
vulnerability VCID-xge2-eqq3-7bb9
21
vulnerability VCID-xk3w-k96c-3kav
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.2.1
aliases BIT-mlflow-2023-1177, CVE-2023-1177, GHSA-xg73-94fp-g449, PYSEC-2023-29
risk_score 1.6
exploitability 2.0
weighted_severity 0.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uu5n-hmfm-ukda
23
url VCID-xge2-eqq3-7bb9
vulnerability_id VCID-xge2-eqq3-7bb9
summary gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52967
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48134
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52967
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/issues/15944
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-23T20:12:42Z/
url https://github.com/mlflow/mlflow/issues/15944
3
reference_url https://github.com/mlflow/mlflow/pull/15970
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-23T20:12:42Z/
url https://github.com/mlflow/mlflow/pull/15970
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v2.22.2
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v2.22.2
5
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-23T20:12:42Z/
url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52967
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52967
fixed_packages
0
url pkg:pypi/mlflow@2.22.2
purl pkg:pypi/mlflow@2.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
1
vulnerability VCID-qnyj-3qc7-p7bp
2
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.22.2
1
url pkg:pypi/mlflow@3.1.0
purl pkg:pypi/mlflow@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
1
vulnerability VCID-qnyj-3qc7-p7bp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.1.0
aliases BIT-mlflow-2025-52967, CVE-2025-52967, GHSA-wxj7-3fx5-pp9m, PYSEC-2025-52
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xge2-eqq3-7bb9
24
url VCID-xk3w-k96c-3kav
vulnerability_id VCID-xk3w-k96c-3kav
summary Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-6909
reference_id
reference_type
scores
0
value 0.85715
scoring_system epss
scoring_elements 0.99391
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-6909
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/1da75dfcecd4d169e34809ade55748384e8af6c1
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-252.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2023-252.yaml
4
reference_url https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://huntr.com/bounties/11209efb-0f84-482f-add0-587ea6b7e850
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6909
reference_id CVE-2023-6909
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-6909
6
reference_url https://github.com/advisories/GHSA-5r3q-93q3-f978
reference_id GHSA-5r3q-93q3-f978
reference_type
scores
url https://github.com/advisories/GHSA-5r3q-93q3-f978
fixed_packages
0
url pkg:pypi/mlflow@2.9.2
purl pkg:pypi/mlflow@2.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5qe9-6ecs-syek
1
vulnerability VCID-6tvx-kzfy-xfhv
2
vulnerability VCID-6x4v-udkg-z3es
3
vulnerability VCID-76zk-ent1-myc9
4
vulnerability VCID-8kf8-a6w5-m3b5
5
vulnerability VCID-96st-1wwr-4ken
6
vulnerability VCID-gr3d-61ds-j7ej
7
vulnerability VCID-njg8-d2r5-rfax
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qnyj-3qc7-p7bp
10
vulnerability VCID-r2kq-hqdf-6ugh
11
vulnerability VCID-r9df-3b7p-jfcy
12
vulnerability VCID-s2ry-vd94-qfc6
13
vulnerability VCID-utmm-2j11-eyh6
14
vulnerability VCID-xge2-eqq3-7bb9
15
vulnerability VCID-ya6d-ny22-ybdh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.9.2
aliases BIT-mlflow-2023-6909, CVE-2023-6909, GHSA-5r3q-93q3-f978, PYSEC-2023-252
risk_score 10.0
exploitability 2.0
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xk3w-k96c-3kav
Fixing_vulnerabilities
Risk_score 10.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@0.9.0.1