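Lookup for vulnerable packages by Package URL. Each vulnerability entry below lists the versions that fix it under fixed_packages; a fixed version marked is_vulnerable true is still affected by the other vulnerabilities listed beneath it, so an upgrade target should be taken from Next_non_vulnerable_version or Latest_non_vulnerable_version rather than from a single entry's fix version.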

Purl pkg:pypi/mlflow@2.17.1
Type pypi
Namespace
Name mlflow
Version 2.17.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.11.0
Latest_non_vulnerable_version 3.11.1
Affected_by_vulnerabilities
0
url VCID-12x9-m2bw-3kf9
vulnerability_id VCID-12x9-m2bw-3kf9
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0596
reference_id
reference_type
scores
0
value 0.00165
scoring_system epss
scoring_elements 0.3729
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0596
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/202fac4c83ccc8544c087c142b80196d0e60695c
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/202fac4c83ccc8544c087c142b80196d0e60695c
3
reference_url https://github.com/mlflow/mlflow/pull/19738
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/19738
4
reference_url https://huntr.com/bounties/2e905add-f9f5-4309-a3db-b17de5981285
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-31T17:19:22Z/
url https://huntr.com/bounties/2e905add-f9f5-4309-a3db-b17de5981285
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0596
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0596
6
reference_url https://github.com/advisories/GHSA-rvhj-8chj-8v3c
reference_id GHSA-rvhj-8chj-8v3c
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rvhj-8chj-8v3c
fixed_packages
0
url pkg:pypi/mlflow@3.9.0
purl pkg:pypi/mlflow@3.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hqaj-y7cm-7bes
1
vulnerability VCID-pugd-v7em-sbec
2
vulnerability VCID-qnyj-3qc7-p7bp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.9.0
aliases CVE-2026-0596, GHSA-rvhj-8chj-8v3c
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12x9-m2bw-3kf9
1
url VCID-2aw2-55zh-8kew
vulnerability_id VCID-2aw2-55zh-8kew
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15381.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15381.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15381
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01573
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15381
2
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
3
reference_url https://github.com/mlflow/mlflow/blob/b569ebc74c14af593c326143bee2df44a5d59edf/mlflow/server/auth/__init__.py#L752
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/blob/b569ebc74c14af593c326143bee2df44a5d59edf/mlflow/server/auth/__init__.py#L752
4
reference_url https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-27T16:58:49Z/
url https://huntr.com/bounties/149fb2f9-ef4b-4136-a25c-20563451904c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15381
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15381
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2452341
reference_id 2452341
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2452341
7
reference_url https://github.com/advisories/GHSA-g6pg-52vf-843h
reference_id GHSA-g6pg-52vf-843h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g6pg-52vf-843h
fixed_packages
0
url pkg:pypi/mlflow@3.9.0rc0
purl pkg:pypi/mlflow@3.9.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-hqaj-y7cm-7bes
2
vulnerability VCID-pugd-v7em-sbec
3
vulnerability VCID-qnyj-3qc7-p7bp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.9.0rc0
aliases CVE-2025-15381, GHSA-g6pg-52vf-843h
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2aw2-55zh-8kew
2
url VCID-2hep-r691-6uda
vulnerability_id VCID-2hep-r691-6uda
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15036.json
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15036.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15036
reference_id
reference_type
scores
0
value 0.00037
scoring_system epss
scoring_elements 0.11551
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15036
2
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
3
reference_url https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T14:01:01Z/
url https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
4
reference_url https://huntr.com/bounties/36c314cf-fd6e-4fb0-b9b0-1b47bcdf0eb0
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-30T14:01:01Z/
url https://huntr.com/bounties/36c314cf-fd6e-4fb0-b9b0-1b47bcdf0eb0
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15036
reference_id
reference_type
scores
0
value 9.6
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15036
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2452925
reference_id 2452925
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2452925
7
reference_url https://github.com/advisories/GHSA-vhcx-3pq2-4fvc
reference_id GHSA-vhcx-3pq2-4fvc
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vhcx-3pq2-4fvc
fixed_packages
0
url pkg:pypi/mlflow@3.9.0rc0
purl pkg:pypi/mlflow@3.9.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-hqaj-y7cm-7bes
2
vulnerability VCID-pugd-v7em-sbec
3
vulnerability VCID-qnyj-3qc7-p7bp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.9.0rc0
aliases CVE-2025-15036, GHSA-vhcx-3pq2-4fvc
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hep-r691-6uda
3
url VCID-48st-xdcq-h7ex
vulnerability_id VCID-48st-xdcq-h7ex
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15379.json
reference_id
reference_type
scores
0
value 9.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15379.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15379
reference_id
reference_type
scores
0
value 0.00269
scoring_system epss
scoring_elements 0.50557
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15379
2
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
3
reference_url https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-31T03:55:37Z/
url https://github.com/mlflow/mlflow/commit/361b6f620adf98385c6721e384fb5ef9a30bb05e
4
reference_url https://github.com/mlflow/mlflow/commit/a22ce7157f646bdce4c95106fc38ccc9ca289205
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/a22ce7157f646bdce4c95106fc38ccc9ca289205
5
reference_url https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095fe5ca75
reference_id
reference_type
scores
0
value 10
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-03-31T03:55:37Z/
url https://huntr.com/bounties/dc9c1c20-7879-4050-87df-4d095fe5ca75
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15379
reference_id
reference_type
scores
0
value 10.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15379
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2452949
reference_id 2452949
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2452949
8
reference_url https://github.com/advisories/GHSA-r23q-823p-vmf7
reference_id GHSA-r23q-823p-vmf7
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r23q-823p-vmf7
fixed_packages
0
url pkg:pypi/mlflow@3.8.1
purl pkg:pypi/mlflow@3.8.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-hqaj-y7cm-7bes
5
vulnerability VCID-pugd-v7em-sbec
6
vulnerability VCID-qnyj-3qc7-p7bp
7
vulnerability VCID-xbkg-xkmz-1udw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.1
1
url pkg:pypi/mlflow@3.9.0rc0
purl pkg:pypi/mlflow@3.9.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-hqaj-y7cm-7bes
2
vulnerability VCID-pugd-v7em-sbec
3
vulnerability VCID-qnyj-3qc7-p7bp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.9.0rc0
aliases CVE-2025-15379, GHSA-r23q-823p-vmf7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-48st-xdcq-h7ex
4
url VCID-5zdh-3f88-rkdu
vulnerability_id VCID-5zdh-3f88-rkdu
summary
MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of model file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-26921.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11201
reference_id
reference_type
scores
0
value 0.17218
scoring_system epss
scoring_elements 0.95137
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11201
1
reference_url https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T03:55:31Z/
url https://github.com/B-Step62/mlflow/commit/2e02bc7bb70df243e6eb792689d9b8eba0013161
2
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
3
reference_url https://github.com/mlflow/mlflow/commit/5f98ff98659dddb188591ecf6b10a4e276a0dba7
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/5f98ff98659dddb188591ecf6b10a4e276a0dba7
4
reference_url https://github.com/mlflow/mlflow/commit/e7dc0574fa3459e0003cfeb68d4e4a625491f03d
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/e7dc0574fa3459e0003cfeb68d4e4a625491f03d
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-931
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-25-931
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11201
reference_id CVE-2025-11201
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-11201
7
reference_url https://github.com/advisories/GHSA-5cvj-7rg6-jggj
reference_id GHSA-5cvj-7rg6-jggj
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cvj-7rg6-jggj
8
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-931/
reference_id ZDI-25-931
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T03:55:31Z/
url https://www.zerodayinitiative.com/advisories/ZDI-25-931/
fixed_packages
0
url pkg:pypi/mlflow@2.22.4
purl pkg:pypi/mlflow@2.22.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-7tgs-wa11-nufv
5
vulnerability VCID-hqaj-y7cm-7bes
6
vulnerability VCID-j57a-1m4x-m7b9
7
vulnerability VCID-pugd-v7em-sbec
8
vulnerability VCID-qnyj-3qc7-p7bp
9
vulnerability VCID-rhym-6ebq-mffv
10
vulnerability VCID-rqvn-65vq-s3eb
11
vulnerability VCID-tf87-u8nw-sqh4
12
vulnerability VCID-xbkg-xkmz-1udw
13
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.22.4
1
url pkg:pypi/mlflow@3.0.0
purl pkg:pypi/mlflow@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-7tgs-wa11-nufv
5
vulnerability VCID-hqaj-y7cm-7bes
6
vulnerability VCID-j57a-1m4x-m7b9
7
vulnerability VCID-pugd-v7em-sbec
8
vulnerability VCID-qnyj-3qc7-p7bp
9
vulnerability VCID-rhym-6ebq-mffv
10
vulnerability VCID-rqvn-65vq-s3eb
11
vulnerability VCID-tf87-u8nw-sqh4
12
vulnerability VCID-xbkg-xkmz-1udw
13
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.0.0
aliases CVE-2025-11201, GHSA-5cvj-7rg6-jggj
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5zdh-3f88-rkdu
5
url VCID-7tgs-wa11-nufv
vulnerability_id VCID-7tgs-wa11-nufv
summary
mlflow Creation of Temporary File in Directory with Insecure Permissions
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with write access to the `/tmp` directory to exploit a race condition and overwrite `.py` files in the virtual environment, leading to arbitrary code execution. The issue is resolved in version 3.4.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-10279
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00467
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-10279
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-02T17:48:06Z/
url https://github.com/mlflow/mlflow/commit/1d7c8d4cf0a67d407499a8a4ffac387ea4f8194a
3
reference_url https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8
reference_id
reference_type
scores
0
value 7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-02T17:48:06Z/
url https://huntr.com/bounties/01d3b81e-13d1-43aa-b91a-443aec68bdc8
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-10279
reference_id CVE-2025-10279
reference_type
scores
0
value 7.0
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-10279
5
reference_url https://github.com/advisories/GHSA-4x5p-f36r-mxxr
reference_id GHSA-4x5p-f36r-mxxr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4x5p-f36r-mxxr
fixed_packages
0
url pkg:pypi/mlflow@3.4.0rc0
purl pkg:pypi/mlflow@3.4.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-hqaj-y7cm-7bes
5
vulnerability VCID-j57a-1m4x-m7b9
6
vulnerability VCID-pugd-v7em-sbec
7
vulnerability VCID-qnyj-3qc7-p7bp
8
vulnerability VCID-rhym-6ebq-mffv
9
vulnerability VCID-rqvn-65vq-s3eb
10
vulnerability VCID-tf87-u8nw-sqh4
11
vulnerability VCID-xbkg-xkmz-1udw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.4.0rc0
aliases CVE-2025-10279, GHSA-4x5p-f36r-mxxr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7tgs-wa11-nufv
6
url VCID-96st-1wwr-4ken
vulnerability_id VCID-96st-1wwr-4ken
summary In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user account management. The issue is fixed in version 2.19.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1474
reference_id
reference_type
scores
0
value 0.00104
scoring_system epss
scoring_elements 0.28075
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1474
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:48:58Z/
url https://github.com/mlflow/mlflow/commit/149c9e18aa219bc47e86b432e130e467a36f4a17
3
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-17.yaml
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-17.yaml
4
reference_url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
2
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:N
3
value LOW
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:48:58Z/
url https://huntr.com/bounties/e79f7774-10fe-46b2-b522-e73b748e3b2d
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1474
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1474
6
reference_url https://github.com/advisories/GHSA-4rj2-9gcx-5qhx
reference_id GHSA-4rj2-9gcx-5qhx
reference_type
scores
url https://github.com/advisories/GHSA-4rj2-9gcx-5qhx
fixed_packages
0
url pkg:pypi/mlflow@2.19.0
purl pkg:pypi/mlflow@2.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-5zdh-3f88-rkdu
5
vulnerability VCID-7tgs-wa11-nufv
6
vulnerability VCID-hqaj-y7cm-7bes
7
vulnerability VCID-j57a-1m4x-m7b9
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qafk-aqpp-rkfe
10
vulnerability VCID-qnyj-3qc7-p7bp
11
vulnerability VCID-r586-qh3w-vkbs
12
vulnerability VCID-rhym-6ebq-mffv
13
vulnerability VCID-rqvn-65vq-s3eb
14
vulnerability VCID-tf87-u8nw-sqh4
15
vulnerability VCID-xbkg-xkmz-1udw
16
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.19.0
aliases BIT-mlflow-2025-1474, CVE-2025-1474, GHSA-4rj2-9gcx-5qhx, PYSEC-2025-17
risk_score 2.5
exploitability 0.5
weighted_severity 5.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-96st-1wwr-4ken
7
url VCID-hqaj-y7cm-7bes
vulnerability_id VCID-hqaj-y7cm-7bes
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0545
reference_id
reference_type
scores
0
value 0.14018
scoring_system epss
scoring_elements 0.94456
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0545
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://huntr.com/bounties/b2e5b028-9541-4d29-8703-a76f1a3734d8
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-03T17:48:47Z/
url https://huntr.com/bounties/b2e5b028-9541-4d29-8703-a76f1a3734d8
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0545
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0545
4
reference_url https://github.com/advisories/GHSA-7qhf-v65m-g5f3
reference_id GHSA-7qhf-v65m-g5f3
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7qhf-v65m-g5f3
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases CVE-2026-0545, GHSA-7qhf-v65m-g5f3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqaj-y7cm-7bes
8
url VCID-j57a-1m4x-m7b9
vulnerability_id VCID-j57a-1m4x-m7b9
summary
MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An attacker can query, update, and delete experiments via the affected endpoints, leading to potential data exfiltration, destruction, or manipulation. The issue is resolved in version 3.5.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14279
reference_id
reference_type
scores
0
value 0.0004
scoring_system epss
scoring_elements 0.12491
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14279
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/b0ffd289e9b0d0cc32c9e3a9b9f3843ae83dbec3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T14:54:23Z/
url https://github.com/mlflow/mlflow/commit/b0ffd289e9b0d0cc32c9e3a9b9f3843ae83dbec3
3
reference_url https://github.com/mlflow/mlflow/pull/17910
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/17910
4
reference_url https://huntr.com/bounties/ef478f72-2e4f-44dc-8055-fc06bef03108
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-12T14:54:23Z/
url https://huntr.com/bounties/ef478f72-2e4f-44dc-8055-fc06bef03108
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14279
reference_id CVE-2025-14279
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14279
6
reference_url https://github.com/advisories/GHSA-pgqp-8h46-6x4j
reference_id GHSA-pgqp-8h46-6x4j
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pgqp-8h46-6x4j
fixed_packages
0
url pkg:pypi/mlflow@3.5.0
purl pkg:pypi/mlflow@3.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-hqaj-y7cm-7bes
5
vulnerability VCID-pugd-v7em-sbec
6
vulnerability VCID-qnyj-3qc7-p7bp
7
vulnerability VCID-rhym-6ebq-mffv
8
vulnerability VCID-rqvn-65vq-s3eb
9
vulnerability VCID-tf87-u8nw-sqh4
10
vulnerability VCID-xbkg-xkmz-1udw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.5.0
aliases CVE-2025-14279, GHSA-pgqp-8h46-6x4j
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j57a-1m4x-m7b9
9
url VCID-pugd-v7em-sbec
vulnerability_id VCID-pugd-v7em-sbec
summary
MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. 

This issue affects MLflow versions through 3.10.1.
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:13:51Z/
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33865
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.0132
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33865
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:13:51Z/
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/aca4dd0ec88a12f7655155c224371280e9b45dda
6
reference_url https://github.com/mlflow/mlflow/pull/21435
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:13:51Z/
url https://github.com/mlflow/mlflow/pull/21435
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33865
8
reference_url https://github.com/advisories/GHSA-fh64-r2vc-xvhr
reference_id GHSA-fh64-r2vc-xvhr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh64-r2vc-xvhr
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
1
url pkg:pypi/mlflow@3.11.1
purl pkg:pypi/mlflow@3.11.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.1
aliases BIT-mlflow-2026-33865, CVE-2026-33865, GHSA-fh64-r2vc-xvhr, PYSEC-2026-93
risk_score 2.5
exploitability 0.5
weighted_severity 4.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pugd-v7em-sbec
10
url VCID-qafk-aqpp-rkfe
vulnerability_id VCID-qafk-aqpp-rkfe
summary
MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of passwords. The issue results from weak password requirements. An attacker can leverage this vulnerability to bypass authentication on the system. This vulnerability was previously tracked as ZDI-CAN-26916.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-11200
reference_id
reference_type
scores
0
value 0.00234
scoring_system epss
scoring_elements 0.46337
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-11200
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T03:55:32Z/
url https://github.com/mlflow/mlflow/commit/1f74f3f24d8273927b8db392c23e108576936c54
3
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-932
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-25-932
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-11200
reference_id CVE-2025-11200
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-11200
5
reference_url https://github.com/advisories/GHSA-6xj8-rrqx-r4cv
reference_id GHSA-6xj8-rrqx-r4cv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6xj8-rrqx-r4cv
6
reference_url https://www.zerodayinitiative.com/advisories/ZDI-25-932/
reference_id ZDI-25-932
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-10-31T03:55:32Z/
url https://www.zerodayinitiative.com/advisories/ZDI-25-932/
fixed_packages
0
url pkg:pypi/mlflow@2.22.0rc0
purl pkg:pypi/mlflow@2.22.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-5zdh-3f88-rkdu
5
vulnerability VCID-7tgs-wa11-nufv
6
vulnerability VCID-hqaj-y7cm-7bes
7
vulnerability VCID-j57a-1m4x-m7b9
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qafk-aqpp-rkfe
10
vulnerability VCID-qnyj-3qc7-p7bp
11
vulnerability VCID-rhym-6ebq-mffv
12
vulnerability VCID-rqvn-65vq-s3eb
13
vulnerability VCID-tf87-u8nw-sqh4
14
vulnerability VCID-xbkg-xkmz-1udw
15
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.22.0rc0
1
url pkg:pypi/mlflow@2.22.0
purl pkg:pypi/mlflow@2.22.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-5zdh-3f88-rkdu
5
vulnerability VCID-7tgs-wa11-nufv
6
vulnerability VCID-hqaj-y7cm-7bes
7
vulnerability VCID-j57a-1m4x-m7b9
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qnyj-3qc7-p7bp
10
vulnerability VCID-rhym-6ebq-mffv
11
vulnerability VCID-rqvn-65vq-s3eb
12
vulnerability VCID-tf87-u8nw-sqh4
13
vulnerability VCID-xbkg-xkmz-1udw
14
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.22.0
aliases CVE-2025-11200, GHSA-6xj8-rrqx-r4cv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qafk-aqpp-rkfe
11
url VCID-qnyj-3qc7-p7bp
vulnerability_id VCID-qnyj-3qc7-p7bp
summary
MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access.

 
This issue affects MLflow versions through 3.10.1.
references
0
reference_url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:12:33Z/
url https://afine.com/blogs/attacking-mlflow-how-ml-artifacts-become-attack-vectors
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33866
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01037
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33866
2
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://cert.pl/en/posts/2026/04/CVE-2026-33865
3
reference_url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:12:33Z/
url https://cert.pl/en/posts/2026/04/CVE-2026-33865/
4
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
5
reference_url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/005b959cacda05d1423356cfcbd9ebeda8ff96a7
6
reference_url https://github.com/mlflow/mlflow/pull/21708
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-14T15:12:33Z/
url https://github.com/mlflow/mlflow/pull/21708
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33866
8
reference_url https://github.com/advisories/GHSA-46r5-x6jq-v8g6
reference_id GHSA-46r5-x6jq-v8g6
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-46r5-x6jq-v8g6
fixed_packages
0
url pkg:pypi/mlflow@3.11.0rc0
purl pkg:pypi/mlflow@3.11.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-pugd-v7em-sbec
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.11.0rc0
aliases BIT-mlflow-2026-33866, CVE-2026-33866, GHSA-46r5-x6jq-v8g6, PYSEC-2026-94
risk_score 1.9
exploitability 0.5
weighted_severity 3.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnyj-3qc7-p7bp
12
url VCID-qt9q-bfeb-jkc5
vulnerability_id VCID-qt9q-bfeb-jkc5
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-0453
reference_id
reference_type
scores
0
value 0.00324
scoring_system epss
scoring_elements 0.55699
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-0453
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T15:51:13Z/
url https://huntr.com/bounties/788327ec-714a-4d5c-83aa-8df04dd7612b
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-0453
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-0453
4
reference_url https://github.com/advisories/GHSA-49m6-vrr9-2cqm
reference_id GHSA-49m6-vrr9-2cqm
reference_type
scores
url https://github.com/advisories/GHSA-49m6-vrr9-2cqm
fixed_packages
0
url pkg:pypi/mlflow@2.18.0rc0
purl pkg:pypi/mlflow@2.18.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-5zdh-3f88-rkdu
5
vulnerability VCID-7tgs-wa11-nufv
6
vulnerability VCID-96st-1wwr-4ken
7
vulnerability VCID-hqaj-y7cm-7bes
8
vulnerability VCID-j57a-1m4x-m7b9
9
vulnerability VCID-pugd-v7em-sbec
10
vulnerability VCID-qafk-aqpp-rkfe
11
vulnerability VCID-qnyj-3qc7-p7bp
12
vulnerability VCID-r586-qh3w-vkbs
13
vulnerability VCID-rhym-6ebq-mffv
14
vulnerability VCID-rqvn-65vq-s3eb
15
vulnerability VCID-tf87-u8nw-sqh4
16
vulnerability VCID-xbkg-xkmz-1udw
17
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.18.0rc0
aliases CVE-2025-0453, GHSA-49m6-vrr9-2cqm
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qt9q-bfeb-jkc5
13
url VCID-r586-qh3w-vkbs
vulnerability_id VCID-r586-qh3w-vkbs
summary
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1473
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.36912
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1473
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:49:00Z/
url https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628
3
reference_url https://huntr.com/bounties/43dc50b6-7d1e-41b9-9f97-f28809df1d45
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:49:00Z/
url https://huntr.com/bounties/43dc50b6-7d1e-41b9-9f97-f28809df1d45
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1473
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1473
5
reference_url https://github.com/advisories/GHSA-969w-gqqr-g6j3
reference_id GHSA-969w-gqqr-g6j3
reference_type
scores
url https://github.com/advisories/GHSA-969w-gqqr-g6j3
fixed_packages
0
url pkg:pypi/mlflow@2.20.3
purl pkg:pypi/mlflow@2.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-5zdh-3f88-rkdu
5
vulnerability VCID-7tgs-wa11-nufv
6
vulnerability VCID-hqaj-y7cm-7bes
7
vulnerability VCID-j57a-1m4x-m7b9
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qafk-aqpp-rkfe
10
vulnerability VCID-qnyj-3qc7-p7bp
11
vulnerability VCID-rhym-6ebq-mffv
12
vulnerability VCID-rqvn-65vq-s3eb
13
vulnerability VCID-tf87-u8nw-sqh4
14
vulnerability VCID-xbkg-xkmz-1udw
15
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.20.3
aliases CVE-2025-1473, GHSA-969w-gqqr-g6j3
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r586-qh3w-vkbs
14
url VCID-rhym-6ebq-mffv
vulnerability_id VCID-rhym-6ebq-mffv
summary
MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the handling of artifact file paths. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the service account.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2033
reference_id
reference_type
scores
0
value 0.18428
scoring_system epss
scoring_elements 0.95351
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2033
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
3
reference_url https://github.com/mlflow/mlflow/pull/19260
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:54Z/
url https://github.com/mlflow/mlflow/pull/19260
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-105
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-105
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2033
reference_id CVE-2026-2033
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2033
7
reference_url https://github.com/advisories/GHSA-q2r8-vmq7-fpx2
reference_id GHSA-q2r8-vmq7-fpx2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q2r8-vmq7-fpx2
8
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-105/
reference_id ZDI-26-105
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-25T04:55:54Z/
url https://www.zerodayinitiative.com/advisories/ZDI-26-105/
fixed_packages
0
url pkg:pypi/mlflow@3.8.0rc0
purl pkg:pypi/mlflow@3.8.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-hqaj-y7cm-7bes
5
vulnerability VCID-pugd-v7em-sbec
6
vulnerability VCID-qnyj-3qc7-p7bp
7
vulnerability VCID-xbkg-xkmz-1udw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.0rc0
aliases CVE-2026-2033, GHSA-q2r8-vmq7-fpx2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhym-6ebq-mffv
15
url VCID-rqvn-65vq-s3eb
vulnerability_id VCID-rqvn-65vq-s3eb
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14287.json
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14287.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-14287
reference_id
reference_type
scores
0
value 0.0034
scoring_system epss
scoring_elements 0.56937
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-14287
2
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
3
reference_url https://github.com/mlflow/mlflow/commit/8b8792a7034fb33a14b0b31cabcaa9b912d3485f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/8b8792a7034fb33a14b0b31cabcaa9b912d3485f
4
reference_url https://github.com/mlflow/mlflow/pull/19277
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/pull/19277
5
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
6
reference_url https://huntr.com/bounties/229cd526-41aa-4819-b6f0-e2d0371c89e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-17T03:55:37Z/
url https://huntr.com/bounties/229cd526-41aa-4819-b6f0-e2d0371c89e3
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-14287
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-14287
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447690
reference_id 2447690
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447690
9
reference_url https://github.com/advisories/GHSA-xch3-2f9x-wh9f
reference_id GHSA-xch3-2f9x-wh9f
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xch3-2f9x-wh9f
fixed_packages
0
url pkg:pypi/mlflow@3.8.0rc0
purl pkg:pypi/mlflow@3.8.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-hqaj-y7cm-7bes
5
vulnerability VCID-pugd-v7em-sbec
6
vulnerability VCID-qnyj-3qc7-p7bp
7
vulnerability VCID-xbkg-xkmz-1udw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.0rc0
aliases CVE-2025-14287, GHSA-xch3-2f9x-wh9f
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqvn-65vq-s3eb
16
url VCID-tf87-u8nw-sqh4
vulnerability_id VCID-tf87-u8nw-sqh4
summary
MLflow Use of Default Password Authentication Bypass Vulnerability.
This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the basic_auth.ini file. The file contains hard-coded default credentials. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of the administrator.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-2635
reference_id
reference_type
scores
0
value 0.01519
scoring_system epss
scoring_elements 0.81545
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-2635
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/5bf2ec2bd4222a18d78631183ac7f6b752afe8a4
3
reference_url https://github.com/mlflow/mlflow/pull/19260
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-24T15:17:25Z/
url https://github.com/mlflow/mlflow/pull/19260
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v3.8.0rc0
5
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-111
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.zerodayinitiative.com/advisories/ZDI-26-111
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-2635
reference_id CVE-2026-2635
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-2635
7
reference_url https://github.com/advisories/GHSA-gq3w-7jj3-x7gr
reference_id GHSA-gq3w-7jj3-x7gr
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gq3w-7jj3-x7gr
8
reference_url https://www.zerodayinitiative.com/advisories/ZDI-26-111/
reference_id ZDI-26-111
reference_type
scores
0
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-02-24T15:17:25Z/
url https://www.zerodayinitiative.com/advisories/ZDI-26-111/
fixed_packages
0
url pkg:pypi/mlflow@3.8.0rc0
purl pkg:pypi/mlflow@3.8.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-hqaj-y7cm-7bes
5
vulnerability VCID-pugd-v7em-sbec
6
vulnerability VCID-qnyj-3qc7-p7bp
7
vulnerability VCID-xbkg-xkmz-1udw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.8.0rc0
aliases CVE-2026-2635, GHSA-gq3w-7jj3-x7gr
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tf87-u8nw-sqh4
17
url VCID-xbkg-xkmz-1udw
vulnerability_id VCID-xbkg-xkmz-1udw
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15031.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15031.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-15031
reference_id
reference_type
scores
0
value 0.00333
scoring_system epss
scoring_elements 0.56401
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-15031
2
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
3
reference_url https://github.com/mlflow/mlflow/blob/fe4d9be330426904283401f1d2ed914238b6fc37/mlflow/pyfunc/dbconnect_artifact_cache.py#L140
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/blob/fe4d9be330426904283401f1d2ed914238b6fc37/mlflow/pyfunc/dbconnect_artifact_cache.py#L140
4
reference_url https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/commit/3bf6d81ac4d38654c8ff012dbd0c3e9f17e7e346
5
reference_url https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-03-19T13:52:23Z/
url https://huntr.com/bounties/09856f77-f968-446f-a930-657d126efe4e
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-15031
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-15031
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2448912
reference_id 2448912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2448912
8
reference_url https://github.com/advisories/GHSA-fhff-qmm8-h2fp
reference_id GHSA-fhff-qmm8-h2fp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fhff-qmm8-h2fp
fixed_packages
0
url pkg:pypi/mlflow@3.9.0rc0
purl pkg:pypi/mlflow@3.9.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-hqaj-y7cm-7bes
2
vulnerability VCID-pugd-v7em-sbec
3
vulnerability VCID-qnyj-3qc7-p7bp
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.9.0rc0
aliases CVE-2025-15031, GHSA-fhff-qmm8-h2fp
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbkg-xkmz-1udw
18
url VCID-xge2-eqq3-7bb9
vulnerability_id VCID-xge2-eqq3-7bb9
summary gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation (this record's fixed_packages also lists 2.22.2 as a fixed release).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-52967
reference_id
reference_type
scores
0
value 0.00247
scoring_system epss
scoring_elements 0.48134
published_at 2026-05-30T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-52967
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/issues/15944
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-23T20:12:42Z/
url https://github.com/mlflow/mlflow/issues/15944
3
reference_url https://github.com/mlflow/mlflow/pull/15970
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-23T20:12:42Z/
url https://github.com/mlflow/mlflow/pull/15970
4
reference_url https://github.com/mlflow/mlflow/releases/tag/v2.22.2
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow/releases/tag/v2.22.2
5
reference_url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-23T20:12:42Z/
url https://github.com/mlflow/mlflow/releases/tag/v3.1.0
6
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/mlflow/PYSEC-2025-52.yaml
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-52967
reference_id
reference_type
scores
0
value 5.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-52967
8
reference_url https://github.com/advisories/GHSA-wxj7-3fx5-pp9m
reference_id GHSA-wxj7-3fx5-pp9m
reference_type
scores
url https://github.com/advisories/GHSA-wxj7-3fx5-pp9m
fixed_packages
0
url pkg:pypi/mlflow@2.22.2
purl pkg:pypi/mlflow@2.22.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-5zdh-3f88-rkdu
5
vulnerability VCID-7tgs-wa11-nufv
6
vulnerability VCID-hqaj-y7cm-7bes
7
vulnerability VCID-j57a-1m4x-m7b9
8
vulnerability VCID-pugd-v7em-sbec
9
vulnerability VCID-qnyj-3qc7-p7bp
10
vulnerability VCID-rhym-6ebq-mffv
11
vulnerability VCID-rqvn-65vq-s3eb
12
vulnerability VCID-tf87-u8nw-sqh4
13
vulnerability VCID-xbkg-xkmz-1udw
14
vulnerability VCID-xge2-eqq3-7bb9
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.22.2
1
url pkg:pypi/mlflow@3.1.0
purl pkg:pypi/mlflow@3.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12x9-m2bw-3kf9
1
vulnerability VCID-2aw2-55zh-8kew
2
vulnerability VCID-2hep-r691-6uda
3
vulnerability VCID-48st-xdcq-h7ex
4
vulnerability VCID-7tgs-wa11-nufv
5
vulnerability VCID-hqaj-y7cm-7bes
6
vulnerability VCID-j57a-1m4x-m7b9
7
vulnerability VCID-pugd-v7em-sbec
8
vulnerability VCID-qnyj-3qc7-p7bp
9
vulnerability VCID-rhym-6ebq-mffv
10
vulnerability VCID-rqvn-65vq-s3eb
11
vulnerability VCID-tf87-u8nw-sqh4
12
vulnerability VCID-xbkg-xkmz-1udw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@3.1.0
aliases BIT-mlflow-2025-52967, CVE-2025-52967, GHSA-wxj7-3fx5-pp9m, PYSEC-2025-52
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xge2-eqq3-7bb9
Fixing_vulnerabilities
Risk_score 2.5
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.17.1