Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/mlflow@2.10.1
Type pypi
Namespace
Name mlflow
Version 2.10.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.11.0rc0
Latest_non_vulnerable_version 3.11.0rc0
Affected_by_vulnerabilities
0
url VCID-96st-1wwr-4ken
vulnerability_id VCID-96st-1wwr-4ken
summary In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1474
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28075
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1474
1
reference_url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
2
reference_url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
fixed_packages
0
url pkg:pypi/mlflow@2.19.0
purl pkg:pypi/mlflow@2.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
1
vulnerability VCID-qnyj-3qc7-p7bp
2
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.19.0
aliases CVE-2025-1474, PYSEC-2025-17
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96st-1wwr-4ken
1
url VCID-pugd-v7em-sbec
vulnerability_id VCID-pugd-v7em-sbec
summary
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim.

This issue affects MLflow versions through 3.10.1.
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33865
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0132
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33865
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
3
reference_url https://github.com/mlflow/mlflow/pull/21435
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://github.com/mlflow/mlflow/pull/21435
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases CVE-2026-33865, PYSEC-2026-93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pugd-v7em-sbec
2
url VCID-qnyj-3qc7-p7bp
vulnerability_id VCID-qnyj-3qc7-p7bp
summary
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access-control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.

This issue affects MLflow versions through 3.10.1.
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33866
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01037
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33866
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
3
reference_url https://github.com/mlflow/mlflow/pull/21708
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://github.com/mlflow/mlflow/pull/21708
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases CVE-2026-33866, PYSEC-2026-94
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnyj-3qc7-p7bp
3
url VCID-r2kq-hqdf-6ugh
vulnerability_id VCID-r2kq-hqdf-6ugh
summary A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-3848
reference_id
reference_type
scores
0
value 0.77074
scoring_system epss
scoring_elements 0.98989
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-3848
1
reference_url https://github.com/mlflow/mlflow/commit/f8d51e21523238280ebcfdb378612afd7844eca8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/mlflow/mlflow/commit/f8d51e21523238280ebcfdb378612afd7844eca8
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-244.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-244.yaml
3
reference_url https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://huntr.com/bounties/8d5aadaa-522f-4839-b41b-d7da362dd610
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-3848
reference_id CVE-2024-3848
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-3848
5
reference_url https://github.com/advisories/GHSA-rfqq-wq6w-72jm
reference_id GHSA-rfqq-wq6w-72jm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfqq-wq6w-72jm
fixed_packages
0
url pkg:pypi/mlflow@2.12.1
purl pkg:pypi/mlflow@2.12.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-r9df-3b7p-jfcy
4
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.12.1
aliases CVE-2024-3848, GHSA-rfqq-wq6w-72jm, PYSEC-2024-244
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r2kq-hqdf-6ugh
4
url VCID-r9df-3b7p-jfcy
vulnerability_id VCID-r9df-3b7p-jfcy
summary Excessive directory permissions in MLflow lead to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-27134
reference_id
reference_type
scores
0
value 0.0003
scoring_system epss
scoring_elements 0.09252
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-27134
1
reference_url https://github.com/mlflow/mlflow/pull/10874
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://github.com/mlflow/mlflow/pull/10874
fixed_packages
0
url pkg:pypi/mlflow@2.16.0
purl pkg:pypi/mlflow@2.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.16.0
aliases CVE-2024-27134, PYSEC-2024-224
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r9df-3b7p-jfcy
5
url VCID-utmm-2j11-eyh6
vulnerability_id VCID-utmm-2j11-eyh6
summary A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-2928
reference_id
reference_type
scores
0
value 0.9165
scoring_system epss
scoring_elements 0.99691
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-2928
1
reference_url https://github.com/mlflow/mlflow/commit/96f0b573a73d8eedd6735a2ce26e08859527be07
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://github.com/mlflow/mlflow/commit/96f0b573a73d8eedd6735a2ce26e08859527be07
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-242.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-242.yaml
3
reference_url https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://huntr.com/bounties/19bf02d7-6393-4a95-b9d0-d6d4d2d8c298
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-2928
reference_id CVE-2024-2928
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-2928
5
reference_url https://github.com/advisories/GHSA-j46q-5pxx-8vmw
reference_id GHSA-j46q-5pxx-8vmw
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j46q-5pxx-8vmw
fixed_packages
0
url pkg:pypi/mlflow@2.11.3
purl pkg:pypi/mlflow@2.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-r2kq-hqdf-6ugh
4
vulnerability VCID-r9df-3b7p-jfcy
5
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.11.3
aliases CVE-2024-2928, GHSA-j46q-5pxx-8vmw, PYSEC-2024-242
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utmm-2j11-eyh6
6
url VCID-xge2-eqq3-7bb9
vulnerability_id VCID-xge2-eqq3-7bb9
summary gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52967
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48134
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52967
1
reference_url https://github.com/mlflow/mlflow/issues/15944
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/issues/15944
2
reference_url https://github.com/mlflow/mlflow/pull/15970
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/pull/15970
3
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
fixed_packages
0
url pkg:pypi/mlflow@3.1.0
purl pkg:pypi/mlflow@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
1
vulnerability VCID-qnyj-3qc7-p7bp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.1.0
aliases CVE-2025-52967, PYSEC-2025-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xge2-eqq3-7bb9
Fixing_vulnerabilities
0
url VCID-njg8-d2r5-rfax
vulnerability_id VCID-njg8-d2r5-rfax
summary A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4263
reference_id
reference_type
scores
0
value 0.00062
scoring_system epss
scoring_elements 0.19451
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4263
1
reference_url https://github.com/mlflow/mlflow/commit/b43e0e3de5b500554e13dc032ba2083b2d6c94b8
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/commit/b43e0e3de5b500554e13dc032ba2083b2d6c94b8
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-51.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2024-51.yaml
3
reference_url https://huntr.com/bounties/bfa116d3-2af8-4c4a-ac34-ccde7491ae11
reference_id
reference_type
scores
url https://huntr.com/bounties/bfa116d3-2af8-4c4a-ac34-ccde7491ae11
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-4263
reference_id CVE-2024-4263
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-4263
5
reference_url https://github.com/advisories/GHSA-p4jx-q62p-x5jr
reference_id GHSA-p4jx-q62p-x5jr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-p4jx-q62p-x5jr
fixed_packages
0
url pkg:pypi/mlflow@2.10.1
purl pkg:pypi/mlflow@2.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-96st-1wwr-4ken
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
3
vulnerability VCID-r2kq-hqdf-6ugh
4
vulnerability VCID-r9df-3b7p-jfcy
5
vulnerability VCID-utmm-2j11-eyh6
6
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.10.1
aliases CVE-2024-4263, GHSA-p4jx-q62p-x5jr, PYSEC-2024-51
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njg8-d2r5-rfax
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.10.1