Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/mlflow@3.0.0
Typepypi
Namespace
Namemlflow
Version3.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version3.11.0rc0
Latest_non_vulnerable_version3.11.0rc0
Affected_by_vulnerabilities
0
url VCID-cu1t-7wnm-y7hk
vulnerability_id VCID-cu1t-7wnm-y7hk
summary 
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.

 
This issue affects MLflow version through 3.10.1
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
2
reference_url https://github.com/mlflow/mlflow/pull/21708
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://github.com/mlflow/mlflow/pull/21708
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases CVE-2026-33866, PYSEC-2026-94
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cu1t-7wnm-y7hk
1
url VCID-g9p5-4cqv-qfew
vulnerability_id VCID-g9p5-4cqv-qfew
summary 
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. 

This issue affects MLflow version through 3.10.1
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
2
reference_url https://github.com/mlflow/mlflow/pull/21435
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
url https://github.com/mlflow/mlflow/pull/21435
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases CVE-2026-33865, PYSEC-2026-93
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g9p5-4cqv-qfew
2
url VCID-rcqb-2498-77e2
vulnerability_id VCID-rcqb-2498-77e2
summary gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
references
0
reference_url https://github.com/mlflow/mlflow/issues/15944
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/issues/15944
1
reference_url https://github.com/mlflow/mlflow/pull/15970
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/pull/15970
2
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
fixed_packages
0
url pkg:pypi/mlflow@3.1.0
purl pkg:pypi/mlflow@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.1.0
aliases CVE-2025-52967, PYSEC-2025-52
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcqb-2498-77e2
Fixing_vulnerabilities
0
url VCID-b5eg-nt7k-z7fw
vulnerability_id VCID-b5eg-nt7k-z7fw
summary 
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.
references
0
reference_url https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161
reference_id
reference_type
scores
url https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/5f98ff98659dddb188591ecf6b10a4e276a0dba7
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/commit/5f98ff98659dddb188591ecf6b10a4e276a0dba7
3
reference_url https://github.com/mlflow/mlflow/commit/e7dc0574fa3459e0003cfeb68d4e4a625491f03d
reference_id
reference_type
scores
url https://github.com/mlflow/mlflow/commit/e7dc0574fa3459e0003cfeb68d4e4a625491f03d
4
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-931
reference_id
reference_type
scores
url https://www.zerodayinitiative.com/advisories/ZDI-25-931
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11201
reference_id CVE-2025-11201
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-11201
6
reference_url https://github.com/advisories/GHSA-5cvj-7rg6-jggj
reference_id GHSA-5cvj-7rg6-jggj
reference_type
scores
url https://github.com/advisories/GHSA-5cvj-7rg6-jggj
fixed_packages
0
url pkg:pypi/mlflow@2.22.4
purl pkg:pypi/mlflow@2.22.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
2
vulnerability VCID-rcqb-2498-77e2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.22.4
1
url pkg:pypi/mlflow@3.0.0
purl pkg:pypi/mlflow@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cu1t-7wnm-y7hk
1
vulnerability VCID-g9p5-4cqv-qfew
2
vulnerability VCID-rcqb-2498-77e2
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.0.0
aliases CVE-2025-11201, GHSA-5cvj-7rg6-jggj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b5eg-nt7k-z7fw
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.0.0