Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mlflow@2.15.1
Typepypi
Namespace
Namemlflow
Version2.15.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.11.0rc0
Latest_non_vulnerable_version3.11.1
Affected_by_vulnerabilities
0
url VCID-cu1t-7wnm-y7hk
vulnerability_id VCID-cu1t-7wnm-y7hk
summary 
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.

 
This issue affects MLflow version through 3.10.1
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33866.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33866.json
1
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
6
reference_url https://github.com/mlflow/mlflow/pull/21708
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/21708
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455900
reference_id 2455900
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455900
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases CVE-2026-33866, GHSA-46r5-x6jq-v8g6, PYSEC-2026-94
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cu1t-7wnm-y7hk
1
url VCID-g9p5-4cqv-qfew
vulnerability_id VCID-g9p5-4cqv-qfew
summary 
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. 

This issue affects MLflow version through 3.10.1
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33865.json
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33865.json
1
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
6
reference_url https://github.com/mlflow/mlflow/pull/21435
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/21435
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455899
reference_id 2455899
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455899
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
1
url pkg:pypi/mlflow@3.11.1
purl pkg:pypi/mlflow@3.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.1
aliases CVE-2026-33865, GHSA-fh64-r2vc-xvhr, PYSEC-2026-93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g9p5-4cqv-qfew
2
url VCID-hz26-bm34-gkfx
vulnerability_id VCID-hz26-bm34-gkfx
summary In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.
references
0
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow
1
reference_url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-17.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-17.yaml
3
reference_url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1474
reference_id CVE-2025-1474
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-1474
5
reference_url https://github.com/advisories/GHSA-4rj2-9gcx-5qhx
reference_id GHSA-4rj2-9gcx-5qhx
reference_type
scores
url https://github.com/advisories/GHSA-4rj2-9gcx-5qhx
fixed_packages
0
url pkg:pypi/mlflow@2.19.0
purl pkg:pypi/mlflow@2.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
2
vulnerability VCID-rcqb-2498-77e2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.19.0
aliases CVE-2025-1474, GHSA-4rj2-9gcx-5qhx, PYSEC-2025-17
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hz26-bm34-gkfx
3
url VCID-rcqb-2498-77e2
vulnerability_id VCID-rcqb-2498-77e2
summary gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
references
0
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow
1
reference_url https://github.com/mlflow/mlflow/issues/15944
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/issues/15944
2
reference_url https://github.com/mlflow/mlflow/pull/15970
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/pull/15970
3
reference_url https://github.com/mlflow/mlflow/releases/tag/v2.22.2
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/releases/tag/v2.22.2
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52967
reference_id CVE-2025-52967
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-52967
7
reference_url https://github.com/advisories/GHSA-wxj7-3fx5-pp9m
reference_id GHSA-wxj7-3fx5-pp9m
reference_type
scores
url https://github.com/advisories/GHSA-wxj7-3fx5-pp9m
fixed_packages
0
url pkg:pypi/mlflow@2.22.2
purl pkg:pypi/mlflow@2.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
2
vulnerability VCID-rcqb-2498-77e2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.22.2
1
url pkg:pypi/mlflow@3.1.0
purl pkg:pypi/mlflow@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.1.0
aliases CVE-2025-52967, GHSA-wxj7-3fx5-pp9m, PYSEC-2025-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcqb-2498-77e2
4
url VCID-syg7-c85s-4ufu
vulnerability_id VCID-syg7-c85s-4ufu
summary Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called.
references
0
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
1
reference_url https://github.com/mlflow/mlflow/commit/0b1d995d66a678153e01ed3040f3f4dfc16a0d6b
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/0b1d995d66a678153e01ed3040f3f4dfc16a0d6b
2
reference_url https://github.com/mlflow/mlflow/pull/10874
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/10874
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-27134
reference_id CVE-2024-27134
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-27134
4
reference_url https://github.com/advisories/GHSA-qpgc-w4mg-6v92
reference_id GHSA-qpgc-w4mg-6v92
reference_type
scores
url https://github.com/advisories/GHSA-qpgc-w4mg-6v92
fixed_packages
0
url pkg:pypi/mlflow@2.16.0
purl pkg:pypi/mlflow@2.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
2
vulnerability VCID-hz26-bm34-gkfx
3
vulnerability VCID-rcqb-2498-77e2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.16.0
aliases CVE-2024-27134, GHSA-qpgc-w4mg-6v92, PYSEC-2024-224
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syg7-c85s-4ufu
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.15.1