Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/zenml@0.0.1rc2

Type pypi

Namespace

Name zenml

Version 0.0.1rc2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.68.0

Latest_non_vulnerable_version 0.84.2

Affected_by_vulnerabilities

url VCID-42g8-w871-x3es

vulnerability_id VCID-42g8-w871-x3es

summary A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending malformed multipart requests with arbitrary characters appended to the end of multipart boundaries. This flaw in the multipart request boundary processing mechanism leads to an infinite loop, resulting in a complete denial of service for all users. Affected endpoints include `/api/v1/login` and `/api/v1/device_authorization`.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9340

reference_id

reference_type

scores

value	0.00218
scoring_system	epss
scoring_elements	0.44625
published_at	2026-06-13T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44612
published_at	2026-06-14T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44454
published_at	2026-06-11T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44607
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9340

reference_url

https://github.com/advisories/GHSA-6gmf-2369-c76c

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6gmf-2369-c76c

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2025-57.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-9340

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-9340

reference_url

https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6

reference_id

c9200654-7dc0-4c1d-8573-ab79a87fb4f6

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:49Z/

url

https://huntr.com/bounties/c9200654-7dc0-4c1d-8573-ab79a87fb4f6

reference_url

https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d

reference_id

cba152eb9ca3071c8372b0b91c02d9d3351de48d

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:54:49Z/

url

https://github.com/zenml-io/zenml/commit/cba152eb9ca3071c8372b0b91c02d9d3351de48d

fixed_packages

url	pkg:pypi/zenml@0.68.0
purl	pkg:pypi/zenml@0.68.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.68.0

aliases CVE-2024-9340, GHSA-6gmf-2369-c76c, PYSEC-2025-57

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-42g8-w871-x3es

url VCID-4hzw-29wd-57g1

vulnerability_id VCID-4hzw-29wd-57g1

summary An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2035

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.16056
published_at	2026-06-14T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.16078
published_at	2026-06-12T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.15937
published_at	2026-06-11T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.16089
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2035

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-169.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-169.yaml

reference_url

https://huntr.com/bounties/1cfc6493-082e-4229-9f2f-496801a6557c

reference_id

1cfc6493-082e-4229-9f2f-496801a6557c

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:34:04Z/

url

https://huntr.com/bounties/1cfc6493-082e-4229-9f2f-496801a6557c

reference_url

https://github.com/zenml-io/zenml/commit/b95f083efffa56831cd41d8ed536aeb0b6038fa3

reference_id

b95f083efffa56831cd41d8ed536aeb0b6038fa3

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:34:04Z/

url

https://github.com/zenml-io/zenml/commit/b95f083efffa56831cd41d8ed536aeb0b6038fa3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-2035

reference_id

CVE-2024-2035

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-2035

reference_url

https://github.com/advisories/GHSA-9x88-4jg8-4vf7

reference_id

GHSA-9x88-4jg8-4vf7

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9x88-4jg8-4vf7

fixed_packages

url pkg:pypi/zenml@0.56.2

purl pkg:pypi/zenml@0.56.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2

aliases CVE-2024-2035, GHSA-9x88-4jg8-4vf7, PYSEC-2024-169

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hzw-29wd-57g1

url VCID-5qpt-9jqh-dba7

vulnerability_id VCID-5qpt-9jqh-dba7

summary A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a specified URL after completing a survey, without proper validation of the 'redirect' parameter. Consequently, an attacker can execute arbitrary JavaScript code in the context of the user's browser session. This vulnerability could be exploited to steal cookies, potentially leading to account takeover.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-5062

reference_id

reference_type

scores

value	0.00168
scoring_system	epss
scoring_elements	0.37963
published_at	2026-06-12T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.37976
published_at	2026-06-14T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.37989
published_at	2026-06-13T12:55:00Z

value	0.00168
scoring_system	epss
scoring_elements	0.37786
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-5062

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-176.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-176.yaml

reference_url

https://github.com/zenml-io/zenml/commit/21edd863c0ba53c1110b6f018a07c2d6853cf6d4

reference_id

21edd863c0ba53c1110b6f018a07c2d6853cf6d4

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T19:47:16Z/

url

https://github.com/zenml-io/zenml/commit/21edd863c0ba53c1110b6f018a07c2d6853cf6d4

reference_url

https://huntr.com/bounties/ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f

reference_id

ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-30T19:47:16Z/

url

https://huntr.com/bounties/ceddd3c1-a9da-4d6c-85c4-41d4d1e1102f

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-5062

reference_id

CVE-2024-5062

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	5.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-5062

reference_url

https://github.com/advisories/GHSA-3434-hc3m-8mmm

reference_id

GHSA-3434-hc3m-8mmm

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3434-hc3m-8mmm

fixed_packages

url pkg:pypi/zenml@0.58.0

purl pkg:pypi/zenml@0.58.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.58.0

aliases CVE-2024-5062, GHSA-3434-hc3m-8mmm, PYSEC-2024-176

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5qpt-9jqh-dba7

url VCID-7cya-2yr7-r3e5

vulnerability_id VCID-7cya-2yr7-r3e5

summary An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2213

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.0139
published_at	2026-06-14T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01377
published_at	2026-06-12T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01375
published_at	2026-06-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01386
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2213

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-193.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-193.yaml

reference_url

https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2

reference_id

58cb3d987372c91eb605853c35325701733337c2

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:48:37Z/

url

https://github.com/zenml-io/zenml/commit/58cb3d987372c91eb605853c35325701733337c2

reference_url

https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48

reference_id

8f5534ac-fd08-4b8b-8c2e-35949aa36e48

reference_type

scores

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T12:48:37Z/

url

https://huntr.com/bounties/8f5534ac-fd08-4b8b-8c2e-35949aa36e48

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-2213

reference_id

CVE-2024-2213

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-2213

reference_url

https://github.com/advisories/GHSA-j527-v579-m98h

reference_id

GHSA-j527-v579-m98h

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j527-v579-m98h

fixed_packages

url pkg:pypi/zenml@0.56.3

purl pkg:pypi/zenml@0.56.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-gsey-n5gk-huah

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.3

aliases CVE-2024-2213, GHSA-j527-v579-m98h, PYSEC-2024-193

risk_score 1.5

exploitability 0.5

weighted_severity 3.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7cya-2yr7-r3e5

url VCID-7gaz-m16x-qbeb

vulnerability_id VCID-7gaz-m16x-qbeb

summary A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2083

reference_id

reference_type

scores

value	0.00672
scoring_system	epss
scoring_elements	0.71971
published_at	2026-06-13T12:55:00Z

value	0.00672
scoring_system	epss
scoring_elements	0.71873
published_at	2026-06-11T12:55:00Z

value	0.00672
scoring_system	epss
scoring_elements	0.71958
published_at	2026-06-12T12:55:00Z

value	0.00672
scoring_system	epss
scoring_elements	0.71968
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2083

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-247.yaml

reference_id

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-247.yaml

reference_url

https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b

reference_id

00e934f33a243a554f5f65b80eefd5ea5117367b

reference_type

scores

value	9.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T15:29:15Z/

url

https://github.com/zenml-io/zenml/commit/00e934f33a243a554f5f65b80eefd5ea5117367b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-2083

reference_id

CVE-2024-2083

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-2083

reference_url

https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f

reference_id

f24b2216-6a4b-42a1-becb-9b47e6cf117f

reference_type

scores

value	9.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T15:29:15Z/

url

https://huntr.com/bounties/f24b2216-6a4b-42a1-becb-9b47e6cf117f

reference_url

https://github.com/advisories/GHSA-6h3f-43vq-53hj

reference_id

GHSA-6h3f-43vq-53hj

reference_type

scores

value	9.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6h3f-43vq-53hj

fixed_packages

url pkg:pypi/zenml@0.55.5

purl pkg:pypi/zenml@0.55.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-4hzw-29wd-57g1

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

vulnerability	VCID-qj66-8fqx-s3dx

vulnerability	VCID-utfk-qyy1-muhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.55.5

aliases CVE-2024-2083, GHSA-6h3f-43vq-53hj, PYSEC-2024-247

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7gaz-m16x-qbeb

url VCID-bh6k-2w81-5kg1

vulnerability_id VCID-bh6k-2w81-5kg1

summary zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-force the current password in the 'Update Password' function, allowing them to take over the user's account. This vulnerability is due to the absence of rate-limiting on the '/api/v1/current-user' endpoint, which does not restrict the number of attempts an attacker can make to guess the current password. Successful exploitation results in the attacker being able to change the password and take control of the account.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4311

reference_id

reference_type

scores

value	0.00072
scoring_system	epss
scoring_elements	0.22273
published_at	2026-06-12T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22264
published_at	2026-06-14T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22083
published_at	2026-06-11T12:55:00Z

value	0.00072
scoring_system	epss
scoring_elements	0.22285
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4311

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-4311

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-4311

reference_url

https://github.com/zenml-io/zenml/commit/87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9

reference_id

87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T15:37:57Z/

url

https://github.com/zenml-io/zenml/commit/87a6c2c8f45b49ea83fbb5fe8fff7ab5365a60c9

reference_url

https://huntr.com/bounties/d5517e1a-6b94-4e38-aad6-3aa65f98bec2

reference_id

d5517e1a-6b94-4e38-aad6-3aa65f98bec2

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-18T15:37:57Z/

url

https://huntr.com/bounties/d5517e1a-6b94-4e38-aad6-3aa65f98bec2

reference_url

https://github.com/advisories/GHSA-j3vq-pmp5-r5xj

reference_id

GHSA-j3vq-pmp5-r5xj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-j3vq-pmp5-r5xj

fixed_packages

url pkg:pypi/zenml@0.57.0rc2

purl pkg:pypi/zenml@0.57.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-gsey-n5gk-huah

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.57.0rc2

aliases CVE-2024-4311, GHSA-j3vq-pmp5-r5xj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bh6k-2w81-5kg1

url VCID-cc82-xbg4-sbd4

vulnerability_id VCID-cc82-xbg4-sbd4

summary A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-4680

reference_id

reference_type

scores

value	0.00076
scoring_system	epss
scoring_elements	0.23124
published_at	2026-06-14T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.22938
published_at	2026-06-11T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.23145
published_at	2026-06-13T12:55:00Z

value	0.00076
scoring_system	epss
scoring_elements	0.23134
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-4680

reference_url

https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a

reference_id

c88f6bd2-490d-4930-98dd-03651b20230a

reference_type

scores

value	3.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

value	3.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-26T20:06:48Z/

url

https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-4680

reference_id

CVE-2024-4680

reference_type

scores

value	3.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

value	2.0
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-4680

reference_url

https://github.com/advisories/GHSA-99hm-86h7-gr3g

reference_id

GHSA-99hm-86h7-gr3g

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-99hm-86h7-gr3g

fixed_packages

url pkg:pypi/zenml@0.56.4

purl pkg:pypi/zenml@0.56.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-gsey-n5gk-huah

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.4

aliases CVE-2024-4680, GHSA-99hm-86h7-gr3g

risk_score 1.8

exploitability 0.5

weighted_severity 3.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cc82-xbg4-sbd4

url VCID-dhp5-dpvm-v7cc

vulnerability_id VCID-dhp5-dpvm-v7cc

summary A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2383

reference_id

reference_type

scores

value	0.00056
scoring_system	epss
scoring_elements	0.1811
published_at	2026-06-14T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.18118
published_at	2026-06-12T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.17959
published_at	2026-06-11T12:55:00Z

value	0.00056
scoring_system	epss
scoring_elements	0.18135
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2383

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-194.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-194.yaml

reference_url

https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963

reference_id

22d26f5a-c0ae-4344-aa7d-08ff5ada3963

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:37:36Z/

url

https://huntr.com/bounties/22d26f5a-c0ae-4344-aa7d-08ff5ada3963

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-2383

reference_id

CVE-2024-2383

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-2383

reference_url

https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9

reference_id

f863fde1269bc355951f8cfc826c0244d88ad5e9

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T19:37:36Z/

url

https://github.com/zenml-io/zenml/commit/f863fde1269bc355951f8cfc826c0244d88ad5e9

reference_url

https://github.com/advisories/GHSA-mq73-g4qr-fgcq

reference_id

GHSA-mq73-g4qr-fgcq

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mq73-g4qr-fgcq

fixed_packages

url pkg:pypi/zenml@0.56.3

purl pkg:pypi/zenml@0.56.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-gsey-n5gk-huah

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.3

aliases CVE-2024-2383, GHSA-mq73-g4qr-fgcq, PYSEC-2024-194

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dhp5-dpvm-v7cc

url VCID-gsey-n5gk-huah

vulnerability_id VCID-gsey-n5gk-huah

summary

references

reference_url

https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/zenml-io/zenml/commit/164cc09032060bbfc17e9dbd62c13efd5ff5771b

reference_url

https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://huntr.com/bounties/a387c935-b970-44d7-bddc-71c1c90aa2de

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-4460

reference_id

CVE-2024-4460

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-4460

reference_url

https://github.com/advisories/GHSA-7gjr-hcc3-xfr4

reference_id

GHSA-7gjr-hcc3-xfr4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7gjr-hcc3-xfr4

fixed_packages

url pkg:pypi/zenml@0.57.1

purl pkg:pypi/zenml@0.57.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.57.1

aliases CVE-2024-4460, GHSA-7gjr-hcc3-xfr4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gsey-n5gk-huah

url VCID-j3df-fbe5-37ha

vulnerability_id VCID-j3df-fbe5-37ha

summary ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25723

reference_id

reference_type

scores

value	0.89644
scoring_system	epss
scoring_elements	0.99584
published_at	2026-06-13T12:55:00Z

value	0.89644
scoring_system	epss
scoring_elements	0.99583
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25723

reference_url

https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2

reference_id

0.42.1...0.42.2

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/

url

https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2

reference_url

https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1

reference_id

0.43.0...0.43.1

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/

url

https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1

reference_url

https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4

reference_id

0.44.3...0.44.4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/

url

https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4

reference_url

https://www.zenml.io/blog/critical-security-update-for-zenml-users

reference_id

critical-security-update-for-zenml-users

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/

url

https://www.zenml.io/blog/critical-security-update-for-zenml-users

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-25723

reference_id

CVE-2024-25723

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-25723

reference_url

https://github.com/advisories/GHSA-vf7j-cmrj-pmmm

reference_id

GHSA-vf7j-cmrj-pmmm

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vf7j-cmrj-pmmm

reference_url

https://github.com/zenml-io/zenml

reference_id

zenml

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	7.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-07-26T18:59:00Z/

url

https://github.com/zenml-io/zenml

fixed_packages

url pkg:pypi/zenml@0.42.2

purl pkg:pypi/zenml@0.42.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-4hzw-29wd-57g1

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-7gaz-m16x-qbeb

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

vulnerability	VCID-qj66-8fqx-s3dx

vulnerability	VCID-tkuk-h9xn-1yey

vulnerability	VCID-utfk-qyy1-muhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.42.2

url pkg:pypi/zenml@0.43.1

purl pkg:pypi/zenml@0.43.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-4hzw-29wd-57g1

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-7gaz-m16x-qbeb

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

vulnerability	VCID-qj66-8fqx-s3dx

vulnerability	VCID-tkuk-h9xn-1yey

vulnerability	VCID-utfk-qyy1-muhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.43.1

url pkg:pypi/zenml@0.44.4

purl pkg:pypi/zenml@0.44.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-4hzw-29wd-57g1

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-7gaz-m16x-qbeb

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

vulnerability	VCID-qj66-8fqx-s3dx

vulnerability	VCID-tkuk-h9xn-1yey

vulnerability	VCID-utfk-qyy1-muhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.44.4

url	pkg:pypi/zenml@0.46.7
purl	pkg:pypi/zenml@0.46.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.46.7

url pkg:pypi/zenml@0.47.0

purl pkg:pypi/zenml@0.47.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-4hzw-29wd-57g1

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-7gaz-m16x-qbeb

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

vulnerability	VCID-qj66-8fqx-s3dx

vulnerability	VCID-tkuk-h9xn-1yey

vulnerability	VCID-utfk-qyy1-muhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.47.0

aliases CVE-2024-25723, GHSA-vf7j-cmrj-pmmm

risk_score 10.0

exploitability 2.0

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j3df-fbe5-37ha

url VCID-qj66-8fqx-s3dx

vulnerability_id VCID-qj66-8fqx-s3dx

summary A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2171

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.20203
published_at	2026-06-14T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20207
published_at	2026-06-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20034
published_at	2026-06-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20226
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2171

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-170.yaml

reference_url

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e

reference_id

68bcb3ba60cba9729c9713a49c39502d40fb945e

reference_type

scores

value	3.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:40:13Z/

url

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e

reference_url

https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8

reference_id

cee06a28-7e3b-460b-b504-69add838ebe8

reference_type

scores

value	3.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-09T18:40:13Z/

url

https://huntr.com/bounties/cee06a28-7e3b-460b-b504-69add838ebe8

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-2171

reference_id

CVE-2024-2171

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-2171

reference_url

https://github.com/advisories/GHSA-vwgf-7f9h-h499

reference_id

GHSA-vwgf-7f9h-h499

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-vwgf-7f9h-h499

fixed_packages

url pkg:pypi/zenml@0.56.2

purl pkg:pypi/zenml@0.56.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2

aliases CVE-2024-2171, GHSA-vwgf-7f9h-h499, PYSEC-2024-170

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qj66-8fqx-s3dx

url VCID-tkuk-h9xn-1yey

vulnerability_id VCID-tkuk-h9xn-1yey

summary A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2032

reference_id

reference_type

scores

value	0.00044
scoring_system	epss
scoring_elements	0.13887
published_at	2026-06-14T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13919
published_at	2026-06-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13803
published_at	2026-06-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13917
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2032

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-105.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-105.yaml

reference_url

https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56

reference_id

6199cd5d-611f-4ea9-96c5-52a952ba5a56

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:33:05Z/

url

https://huntr.com/bounties/6199cd5d-611f-4ea9-96c5-52a952ba5a56

reference_url

https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b

reference_id

afcaf741ef9114c9b32f722f101b97de3d8d147b

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-07T18:33:05Z/

url

https://github.com/zenml-io/zenml/commit/afcaf741ef9114c9b32f722f101b97de3d8d147b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-2032

reference_id

CVE-2024-2032

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-2032

reference_url

https://github.com/advisories/GHSA-c546-8jmq-hprj

reference_id

GHSA-c546-8jmq-hprj

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:L

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c546-8jmq-hprj

fixed_packages

url pkg:pypi/zenml@0.55.5

purl pkg:pypi/zenml@0.55.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-4hzw-29wd-57g1

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

vulnerability	VCID-qj66-8fqx-s3dx

vulnerability	VCID-utfk-qyy1-muhw

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.55.5

aliases CVE-2024-2032, GHSA-c546-8jmq-hprj, PYSEC-2024-105

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkuk-h9xn-1yey

url VCID-utfk-qyy1-muhw

vulnerability_id VCID-utfk-qyy1-muhw

summary A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2260

reference_id

reference_type

scores

value	0.00083
scoring_system	epss
scoring_elements	0.24428
published_at	2026-06-13T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24221
published_at	2026-06-11T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24416
published_at	2026-06-12T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24411
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2260

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/zenml/PYSEC-2024-254.yaml

reference_url

https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167

reference_id

2d0856ec-ed73-477a-8ea2-d5d4f15cf167

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:53Z/

url

https://huntr.com/bounties/2d0856ec-ed73-477a-8ea2-d5d4f15cf167

reference_url

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e

reference_id

68bcb3ba60cba9729c9713a49c39502d40fb945e

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-03T17:33:53Z/

url

https://github.com/zenml-io/zenml/commit/68bcb3ba60cba9729c9713a49c39502d40fb945e

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-2260

reference_id

CVE-2024-2260

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-2260

reference_url

https://github.com/advisories/GHSA-g3r5-72hf-p7p2

reference_id

GHSA-g3r5-72hf-p7p2

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g3r5-72hf-p7p2

fixed_packages

url pkg:pypi/zenml@0.56.2

purl pkg:pypi/zenml@0.56.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-42g8-w871-x3es

vulnerability	VCID-5qpt-9jqh-dba7

vulnerability	VCID-7cya-2yr7-r3e5

vulnerability	VCID-bh6k-2w81-5kg1

vulnerability	VCID-cc82-xbg4-sbd4

vulnerability	VCID-dhp5-dpvm-v7cc

vulnerability	VCID-gsey-n5gk-huah

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.56.2

aliases CVE-2024-2260, GHSA-g3r5-72hf-p7p2, PYSEC-2024-254

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-utfk-qyy1-muhw

Fixing_vulnerabilities

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/zenml@0.0.1rc2

Package Instance