{"url":"http://public2.vulnerablecode.io/api/packages/40815?format=json","purl":"pkg:pypi/zenml@0.7.0","type":"pypi","namespace":"","name":"zenml","version":"0.7.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.68.0","latest_non_vulnerable_version":"0.84.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36805?format=json","vulnerability_id":"VCID-ebjc-26b1-9ugm","summary":"An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2213","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.0138","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01384","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01376","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01377","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2213"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-193.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-193.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","refere
nce_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:48:37Z/"}],"url":"https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2"},{"reference_url":"https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:48:37Z/"}],"url":"https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2213","reference_id":"CVE-2024-2213","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2213"},{"reference_url":"https://github.com/advisories/GHSA-j527-v579-m98h","reference_id":"GHSA-j527-v5
79-m98h","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j527-v579-m98h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41232?format=json","purl":"pkg:pypi/zenml@0.56.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.3"}],"aliases":["CVE-2024-2213","GHSA-j527-v579-m98h","PYSEC-2024-193"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ebjc-26b1-9ugm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55412?format=json","vulnerability_id":"VCID-kbns-y3um-pyfn","summary":"Improper line feed handling in zenml\nA denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (`\\n`) characters in component names. When a low-privileged user adds a component through the API endpoint `api/v1/workspaces/default/components` with a name containing a `\\n` character, it leads to uncontrolled resource consumption. This vulnerability results in the inability of users to add new components in certain categories (e.g., 'Image Builder') and to register new stacks through the UI, thereby degrading the user experience and potentially rendering the ZenML Dashboard unusable. The issue does not affect component addition through the Web UI, as `\\n` characters are properly escaped in that context. 
The vulnerability was tested on ZenML running in Docker, and it was observed in both Firefox and Chrome browsers.","references":[{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b"},{"reference_url":"https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4460","reference_id":"CVE-2024-4460","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4460"},{"reference_url":"https://github.com/advisories/GHSA-7gjr-hcc3-xfr4","reference_id":"GHSA-7gjr-hcc3-xfr4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7gjr-hcc3-xfr4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4
1802?format=json","purl":"pkg:pypi/zenml@0.57.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.57.1"}],"aliases":["CVE-2024-4460","GHSA-7gjr-hcc3-xfr4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kbns-y3um-pyfn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36803?format=json","vulnerability_id":"VCID-n6qj-ksaa-73dt","summary":"An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the 
application.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2035","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15847","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15964","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15954","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15825","published_at":"2026-06-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15912","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2035"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-169.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-169.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/b95f083efffa56831cd41d8ed536aeb0b6038fa3","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:
H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:34:04Z/"}],"url":"https://github.com/zenml-io/zenml/commit/b95f083efffa56831cd41d8ed536aeb0b6038fa3"},{"reference_url":"https://huntr.com/bounties/1cfc6493-082e-4229-9f2f-496801a6557c","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:34:04Z/"}],"url":"https://huntr.com/bounties/1cfc6493-082e-4229-9f2f-496801a6557c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2035","reference_id":"CVE-2024-2035","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2035"},{"reference_url":"https://github.com/advisories/GHSA-9x88-4jg8-4vf7","reference_id":"GHSA-9x88-4jg8-4vf7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9x88-4jg8-4vf7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40899?format=json","purl":"pkg:pypi/zenml@0.56.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"
},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2"}],"aliases":["CVE-2024-2035","GHSA-9x88-4jg8-4vf7","PYSEC-2024-169"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n6qj-ksaa-73dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36761?format=json","vulnerability_id":"VCID-p1cd-gz4y-4kek","summary":"A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2260","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24251","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24325","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.242","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24192","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24306","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2260"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yaml"},{"refe
rence_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:53Z/"}],"url":"https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e"},{"reference_url":"https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:53Z/"}],"url":"https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2260","reference_id":"CVE-2024-2260","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scor
ing_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2260"},{"reference_url":"https://github.com/advisories/GHSA-g3r5-72hf-p7p2","reference_id":"GHSA-g3r5-72hf-p7p2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g3r5-72hf-p7p2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40899?format=json","purl":"pkg:pypi/zenml@0.56.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2"}],"aliases":["CVE-2024-2260","GHSA-g3r5-72hf-p7p2","PYSEC-2024-254"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p1cd-gz4y-4kek"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36760?format=json","vulnerability_id":"VCID-p79q-7hp5-9ucu","summary":"A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. 
The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2083","reference_id":"","reference_type":"","scores":[{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71808","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71825","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71817","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71793","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00672","scoring_system":"epss","scoring_elements":"0.71831","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2083"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-247.yaml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-247.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T15:29:15Z/"}],"url":"https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b"},{"reference_url":"https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f","reference_id":"","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T15:29:15Z/"}],"url":"https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2083","reference_id":"CVE-2024-2083","reference_type":"","scores":[{"value":"9.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2083"},{"reference_url":"https://github.com/advisories/GHSA-6h3f-43vq-53hj","reference_id":"GHSA-6h3f-43vq-53hj","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6h3f-43vq-53hj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40896?format=json","purl":"pkg:pypi/zenml@0.55.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"v
ulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-n6qj-ksaa-73dt"},{"vulnerability":"VCID-p1cd-gz4y-4kek"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-txv3-t7x8-fya8"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.55.5"}],"aliases":["CVE-2024-2083","GHSA-6h3f-43vq-53hj","PYSEC-2024-247"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p79q-7hp5-9ucu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55335?format=json","vulnerability_id":"VCID-pcu3-k822-uqh6","summary":"zenml-io/zenml does not expire the session after password reset\nA vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. 
This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4680","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22951","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22902","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22897","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2301","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22995","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4680"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a","reference_id":"","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_s
ystem":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:06:48Z/"}],"url":"https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4680","reference_id":"CVE-2024-4680","reference_type":"","scores":[{"value":"3.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L"},{"value":"2.0","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4680"},{"reference_url":"https://github.com/advisories/GHSA-99hm-86h7-gr3g","reference_id":"GHSA-99hm-86h7-gr3g","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99hm-86h7-gr3g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41798?format=json","purl":"pkg:pypi/zenml@0.56.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.4"}],"aliases":["CVE-2024-4680","GHSA-99hm-86h7-gr3g"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcu3-k822-uqh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47131?format=json","vulnerability_id":"VCID-pke9-122d-yqgg","summary":"ZenML Server Remote Privilege Escalation Vulnerability\nZenML Server in the ZenML package before 0.46.7 for Python allows remote privilege escalation because the `/api/v1/users/{user_name_or_id}/activate` REST API endpoint allows access on the basis of a valid username along with a new password in the request body. 
These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25723","reference_id":"","reference_type":"","scores":[{"value":"0.89644","scoring_system":"epss","scoring_elements":"0.99582","published_at":"2026-06-09T12:55:00Z"},{"value":"0.89644","scoring_system":"epss","scoring_elements":"0.99581","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25723"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/"}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/"}],"url":"https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2"},{"reference_url":"https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1","reference_id":"",
"reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/"}],"url":"https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1"},{"reference_url":"https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/"}],"url":"https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4"},{"reference_url":"https://www.zenml.io/blog/critical-security-update-for-zenml-users","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E
:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/"}],"url":"https://www.zenml.io/blog/critical-security-update-for-zenml-users"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25723","reference_id":"CVE-2024-25723","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-25723"},{"reference_url":"https://github.com/advisories/GHSA-vf7j-cmrj-pmmm","reference_id":"GHSA-vf7j-cmrj-pmmm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vf7j-cmrj-pmmm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40866?format=json","purl":"pkg:pypi/zenml@0.42.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-n6qj-ksaa-73dt"},{"vulnerability":"VCID-p1cd-gz4y-4kek"},{"vulnerability":"VCID-p79q-7hp5-9ucu"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-r8dp-3vzt-a7e5"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-txv3-t7x8-fya8"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.42.2"},{"url":"http://public2.vulnerablecode.io/api/packages/40868?format=json","purl":"pkg:pypi/zenml@0.43.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-n6qj-ksaa-73dt"},{"vulnerability":"VCID-p1cd-gz4y-4kek"},{"vulnerability":"VCID-p79q-7hp5-9ucu"},{"vulnerabilit
y":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-r8dp-3vzt-a7e5"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-txv3-t7x8-fya8"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.43.1"},{"url":"http://public2.vulnerablecode.io/api/packages/40873?format=json","purl":"pkg:pypi/zenml@0.44.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-n6qj-ksaa-73dt"},{"vulnerability":"VCID-p1cd-gz4y-4kek"},{"vulnerability":"VCID-p79q-7hp5-9ucu"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-r8dp-3vzt-a7e5"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-txv3-t7x8-fya8"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.44.4"},{"url":"http://public2.vulnerablecode.io/api/packages/69157?format=json","purl":"pkg:pypi/zenml@0.46.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.46.7"},{"url":"http://public2.vulnerablecode.io/api/packages/40883?format=json","purl":"pkg:pypi/zenml@0.47.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-n6qj-ksaa-73dt"},{"vulnerability":"VCID-p1cd-gz4y-4kek"},{"vulnerability":"VCID-p79q-7hp5-9ucu"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-r8dp-3vzt-a7e5"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-txv3-t7x8-fya8"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packa
ges/pkg:pypi/zenml@0.47.0"}],"aliases":["CVE-2024-25723","GHSA-vf7j-cmrj-pmmm"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pke9-122d-yqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36801?format=json","vulnerability_id":"VCID-r8dp-3vzt-a7e5","summary":"A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further 
complications.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2032","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13723","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13814","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13816","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13693","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13777","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2032"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-105.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-105.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"s
svc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:33:05Z/"}],"url":"https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b"},{"reference_url":"https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:33:05Z/"}],"url":"https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2032","reference_id":"CVE-2024-2032","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2032"},{"reference_url":"https://github.com/advisories/GHSA-c546-8jmq-hprj","reference_id":"GHSA-c546-8jmq-hprj","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c546-8jmq-hprj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40896?format=json","purl":"pkg:pypi/zenml@0.55.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-n6qj-ksaa-73dt"},{"vulnerability":"VCID-p1cd-gz4y-4kek"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-txv3-t7x8-fya8"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],
"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.55.5"}],"aliases":["CVE-2024-2032","GHSA-c546-8jmq-hprj","PYSEC-2024-105"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r8dp-3vzt-a7e5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36822?format=json","vulnerability_id":"VCID-sj5w-hq6t-bqhg","summary":"A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account 
takeover.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5062","reference_id":"","reference_type":"","scores":[{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37765","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37738","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37727","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37795","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00168","scoring_system":"epss","scoring_elements":"0.37792","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-5062"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-176.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-176.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/21edd863c0ba53c1110b6f018a07c2d6853cf6d4","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.
0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T19:47:16Z/"}],"url":"https://github.com/zenml-io/zenml/commit/21edd863c0ba53c1110b6f018a07c2d6853cf6d4"},{"reference_url":"https://huntr.com/bounties/ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T19:47:16Z/"}],"url":"https://huntr.com/bounties/ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5062","reference_id":"CVE-2024-5062","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-5062"},{"reference_url":"https://github.com/advisories/GHSA-3434-hc3m-8mmm","reference_id":"GHSA-3434-hc3m-8mmm","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr"
,"scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3434-hc3m-8mmm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41803?format=json","purl":"pkg:pypi/zenml@0.58.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.58.0"}],"aliases":["CVE-2024-5062","GHSA-3434-hc3m-8mmm","PYSEC-2024-176"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sj5w-hq6t-bqhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36804?format=json","vulnerability_id":"VCID-txv3-t7x8-fya8","summary":"A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. 
The impact of exploiting this vulnerability could lead to user account compromise.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2171","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20008","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20052","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20047","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.1996","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19943","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2171"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv3.1"
,"scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:40:13Z/"}],"url":"https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e"},{"reference_url":"https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:40:13Z/"}],"url":"https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2171","reference_id":"CVE-2024-2171","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2171"},{"reference_url":"https://github.com/advisories/GHSA-vwgf-7f9h-h499","reference_id":"GHSA-vwgf-7f9h-h499","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vwgf-7f9h-h499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40899?format=json","purl":"pkg:pypi/zenml@0.56.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ebjc-26b1-9ugm"},{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-pcu3-k822-u
qh6"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-x798-xu3q-j3az"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2"}],"aliases":["CVE-2024-2171","GHSA-vwgf-7f9h-h499","PYSEC-2024-170"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txv3-t7x8-fya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56191?format=json","vulnerability_id":"VCID-vcxu-99j6-nydd","summary":"Missing ratelimit on password resets in zenml\nzenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. 
Successful exploitation results in the attacker being able to change the password and take control of the account.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4311","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22043","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22053","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22099","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22147","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22161","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-4311"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T15:37:57Z/"}],"url":"https://github.com/zenml-io/zenml/commit/87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9"},{"reference_url":"https://huntr.com/bounties/d5517e1a-6b94-4e38-aad6-3aa65f98bec2","reference_id":"","reference_type":"","scores":[{"value":"5
.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T15:37:57Z/"}],"url":"https://huntr.com/bounties/d5517e1a-6b94-4e38-aad6-3aa65f98bec2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4311","reference_id":"CVE-2024-4311","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-4311"},{"reference_url":"https://github.com/advisories/GHSA-j3vq-pmp5-r5xj","reference_id":"GHSA-j3vq-pmp5-r5xj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j3vq-pmp5-r5xj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/41800?format=json","purl":"pkg:pypi/zenml@0.57.0rc2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.57.0rc2"}],"aliases":["CVE-2024-4311","GHSA-j3vq-pmp5-r5xj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcxu-99j6-nydd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36806?format=json","vulnerability_id":"VCID-x798-xu3q-j3az","summary":"A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options 
or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2383","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17934","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17973","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.1797","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17876","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17857","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-2383"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-194.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-194.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9","reference_id":"","reference_type":"","scores":[{"value":"4.3","s
coring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:37:36Z/"}],"url":"https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9"},{"reference_url":"https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:37:36Z/"}],"url":"https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2383","reference_id":"CVE-2024-2383","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-2383"},{"reference_url":"https://github.com/advisories/GHSA-mq73-g4qr-fgcq","reference_id":"GHSA-mq73-g4qr-fgcq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mq73-g4qr-fgcq"}],"fixed_packages":[{"url":
"http://public2.vulnerablecode.io/api/packages/41232?format=json","purl":"pkg:pypi/zenml@0.56.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-kbns-y3um-pyfn"},{"vulnerability":"VCID-pcu3-k822-uqh6"},{"vulnerability":"VCID-sj5w-hq6t-bqhg"},{"vulnerability":"VCID-vcxu-99j6-nydd"},{"vulnerability":"VCID-zd6d-8hdf-quhz"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.3"}],"aliases":["CVE-2024-2383","GHSA-mq73-g4qr-fgcq","PYSEC-2024-194"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x798-xu3q-j3az"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37011?format=json","vulnerability_id":"VCID-zd6d-8hdf-quhz","summary":"A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. 
Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9340","reference_id":"","reference_type":"","scores":[{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44446","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44399","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44387","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44422","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00218","scoring_system":"epss","scoring_elements":"0.44437","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-9340"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yaml"},{"reference_url":"https://github.com/zenml-io/zenml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/zenml-io/zenml"},{"reference_url":"https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_tex
tual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:49Z/"}],"url":"https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d"},{"reference_url":"https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:49Z/"}],"url":"https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9340","reference_id":"CVE-2024-9340","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-9340"},{"reference_url":"https://github.com/advisories/GHSA-6gmf-2369-c76c","reference_id":"GHSA-6gmf-2369-c76c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6gmf-2369-c76c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44720?format=json","purl":"pkg:pypi/zenml@0.68.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.68.0"}],"aliases":["CVE-2024-9340","GHSA-6gmf-2369-c76c","PYSEC-2025-57"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zd6d-8hdf-quhz"}],"fixing_vulnerabilities":[]
,"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.7.0"}