Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/49203?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/49203?format=api", "purl": "pkg:pypi/mlflow@3.5.0", "type": "pypi", "namespace": "", "name": "mlflow", "version": "3.5.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.11.0rc0", "latest_non_vulnerable_version": "3.11.0rc0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37267?format=api", "vulnerability_id": "VCID-cu1t-7wnm-y7hk", "summary": "MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.\n\n \nThis issue affects MLflow version through 3.10.1", "references": [ { "reference_url": "https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors" }, { "reference_url": "https://cert.pl/en/posts/2026/04/CVE-2026-33865/", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://cert.pl/en/posts/2026/04/CVE-2026-33865/" }, { "reference_url": "https://github.com/mlflow/mlflow/pull/21708", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://github.com/mlflow/mlflow/pull/21708" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49217?format=api", "purl": "pkg:pypi/mlflow@3.11.0rc0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0" } ], "aliases": [ "CVE-2026-33866", "PYSEC-2026-94" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cu1t-7wnm-y7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37266?format=api", "vulnerability_id": "VCID-g9p5-4cqv-qfew", "summary": "MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. \n\nThis issue affects MLflow version through 3.10.1", "references": [ { "reference_url": "https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors" }, { "reference_url": "https://cert.pl/en/posts/2026/04/CVE-2026-33865/", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://cert.pl/en/posts/2026/04/CVE-2026-33865/" }, { "reference_url": "https://github.com/mlflow/mlflow/pull/21435", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://github.com/mlflow/mlflow/pull/21435" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49217?format=api", "purl": "pkg:pypi/mlflow@3.11.0rc0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0" } ], "aliases": [ "CVE-2026-33865", "PYSEC-2026-93" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g9p5-4cqv-qfew" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49662?format=api", "vulnerability_id": "VCID-twnx-dt83-nuf3", "summary": "MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation\nMLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.", "references": [ { "reference_url": "https://github.com/mlflow/mlflow", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mlflow/mlflow" }, { "reference_url": "https://github.com/mlflow/mlflow/commit/b0ffd289e9b0d0cc32c9e3a9b9f3843ae83dbec3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mlflow/mlflow/commit/b0ffd289e9b0d0cc32c9e3a9b9f3843ae83dbec3" }, { "reference_url": "https://github.com/mlflow/mlflow/pull/17910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mlflow/mlflow/pull/17910" }, { "reference_url": "https://huntr.com/bounties/ef478f72-2e4f-44dc-8055-fc06bef03108", "reference_id": "", "reference_type": "", "scores": [], "url": "https://huntr.com/bounties/ef478f72-2e4f-44dc-8055-fc06bef03108" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14279", "reference_id": "CVE-2025-14279", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14279" }, { "reference_url": "https://github.com/advisories/GHSA-pgqp-8h46-6x4j", "reference_id": "GHSA-pgqp-8h46-6x4j", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pgqp-8h46-6x4j" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49203?format=api", "purl": "pkg:pypi/mlflow@3.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-cu1t-7wnm-y7hk" }, { "vulnerability": "VCID-g9p5-4cqv-qfew" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.5.0" } ], "aliases": [ "CVE-2025-14279", "GHSA-pgqp-8h46-6x4j" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twnx-dt83-nuf3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.5.0" }