VulnerableCode Package Details - pkg:pypi/mlflow@2.17.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/mlflow@2.17.1

Essentials
History (4)

purl	pkg:pypi/mlflow@2.17.1

Next non-vulnerable version	3.11.0rc0
Latest non-vulnerable version	3.11.1
Risk	3.1

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-cu1t-7wnm-y7hk Aliases: CVE-2026-33866 GHSA-46r5-x6jq-v8g6 PYSEC-2026-94	MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1	3.11.0rc0 Affected by 0 other vulnerabilities.
VCID-g9p5-4cqv-qfew Aliases: CVE-2026-33865 GHSA-fh64-r2vc-xvhr PYSEC-2026-93	MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. This issue affects MLflow version through 3.10.1	3.11.0rc0 Affected by 0 other vulnerabilities. 3.11.1 Affected by 0 other vulnerabilities.
VCID-hz26-bm34-gkfx Aliases: CVE-2025-1474 GHSA-4rj2-9gcx-5qhx PYSEC-2025-17	In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.	2.19.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rcqb-2498-77e2 Aliases: CVE-2025-52967 GHSA-wxj7-3fx5-pp9m PYSEC-2025-52	gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.	2.22.2 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 3.1.0 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:24:31.729117+00:00	Pypa Importer	Affected by	VCID-cu1t-7wnm-y7hk	https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-94.yaml	38.6.0
2026-06-02T04:24:30.987858+00:00	Pypa Importer	Affected by	VCID-g9p5-4cqv-qfew	https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-93.yaml	38.6.0
2026-06-02T04:23:14.485500+00:00	Pypa Importer	Affected by	VCID-rcqb-2498-77e2	https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2025-52.yaml	38.6.0
2026-06-02T04:22:55.332748+00:00	Pypa Importer	Affected by	VCID-hz26-bm34-gkfx	https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2025-17.yaml	38.6.0