Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/mlflow@2.22.2
purl pkg:pypi/mlflow@2.22.2
Next non-vulnerable version 3.11.0rc0
Latest non-vulnerable version 3.11.1
Risk 2.5
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-pugd-v7em-sbec
Aliases:
BIT-mlflow-2026-33865
CVE-2026-33865
GHSA-fh64-r2vc-xvhr
PYSEC-2026-93
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. This issue affects MLflow version through 3.10.1
3.11.0rc0
Affected by 0 other vulnerabilities.
3.11.1
Affected by 0 other vulnerabilities.
VCID-qnyj-3qc7-p7bp
Aliases:
BIT-mlflow-2026-33866
CVE-2026-33866
GHSA-46r5-x6jq-v8g6
PYSEC-2026-94
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1
3.11.0rc0
Affected by 0 other vulnerabilities.
VCID-xge2-eqq3-7bb9
Aliases:
BIT-mlflow-2025-52967
CVE-2025-52967
GHSA-wxj7-3fx5-pp9m
PYSEC-2025-52
gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.
3.1.0
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-xge2-eqq3-7bb9 gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. BIT-mlflow-2025-52967
CVE-2025-52967
GHSA-wxj7-3fx5-pp9m
PYSEC-2025-52

Date Actor Action Vulnerability Source VulnerableCode Version
2026-05-31T11:03:29.223804+00:00 GithubOSV Importer Fixing VCID-xge2-eqq3-7bb9 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/06/GHSA-wxj7-3fx5-pp9m/GHSA-wxj7-3fx5-pp9m.json 38.6.0
2026-05-31T09:47:42.626846+00:00 PyPI Importer Affected by VCID-qnyj-3qc7-p7bp https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:47:42.283655+00:00 PyPI Importer Affected by VCID-pugd-v7em-sbec https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-31T09:47:03.343017+00:00 PyPI Importer Affected by VCID-xge2-eqq3-7bb9 https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.6.0
2026-05-30T20:37:53.202595+00:00 Pypa Importer Affected by VCID-qnyj-3qc7-p7bp https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-94.yaml 38.6.0
2026-05-30T20:37:52.432916+00:00 Pypa Importer Affected by VCID-pugd-v7em-sbec https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2026-93.yaml 38.6.0
2026-05-30T20:36:32.474640+00:00 Pypa Importer Affected by VCID-xge2-eqq3-7bb9 https://github.com/pypa/advisory-database/blob/main/vulns/mlflow/PYSEC-2025-52.yaml 38.6.0