Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-q3e8-gwag-jbfd
Summary
MLflow Cross-Site Request Forgery (CSRF) vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user.
Aliases
0
alias CVE-2025-1473
1
alias GHSA-969w-gqqr-g6j3
Fixed_packages
0
url pkg:pypi/mlflow@2.20.3
purl pkg:pypi/mlflow@2.20.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-nzpp-uvn2-97dn
10
vulnerability VCID-rcqb-2498-77e2
11
vulnerability VCID-rkbn-tn99-rucq
12
vulnerability VCID-shfs-2f4g-13dm
13
vulnerability VCID-tbbj-9qan-ubgg
14
vulnerability VCID-twnx-dt83-nuf3
15
vulnerability VCID-v436-quyu-1kav
16
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.20.3
Affected_packages
0
url pkg:pypi/mlflow@2.17.0
purl pkg:pypi/mlflow@2.17.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-2pbf-wr1w-gkdt
3
vulnerability VCID-57gp-hzcs-nubp
4
vulnerability VCID-5a75-gxh6-5bak
5
vulnerability VCID-b5eg-nt7k-z7fw
6
vulnerability VCID-cu1t-7wnm-y7hk
7
vulnerability VCID-g8qn-qss3-sqcc
8
vulnerability VCID-g9p5-4cqv-qfew
9
vulnerability VCID-hu7e-n16j-rubw
10
vulnerability VCID-hz26-bm34-gkfx
11
vulnerability VCID-nzpp-uvn2-97dn
12
vulnerability VCID-q3e8-gwag-jbfd
13
vulnerability VCID-rcqb-2498-77e2
14
vulnerability VCID-rkbn-tn99-rucq
15
vulnerability VCID-shfs-2f4g-13dm
16
vulnerability VCID-tbbj-9qan-ubgg
17
vulnerability VCID-twnx-dt83-nuf3
18
vulnerability VCID-v436-quyu-1kav
19
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.17.0
1
url pkg:pypi/mlflow@2.17.1
purl pkg:pypi/mlflow@2.17.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-2pbf-wr1w-gkdt
3
vulnerability VCID-57gp-hzcs-nubp
4
vulnerability VCID-5a75-gxh6-5bak
5
vulnerability VCID-b5eg-nt7k-z7fw
6
vulnerability VCID-cu1t-7wnm-y7hk
7
vulnerability VCID-g8qn-qss3-sqcc
8
vulnerability VCID-g9p5-4cqv-qfew
9
vulnerability VCID-hu7e-n16j-rubw
10
vulnerability VCID-hz26-bm34-gkfx
11
vulnerability VCID-nzpp-uvn2-97dn
12
vulnerability VCID-q3e8-gwag-jbfd
13
vulnerability VCID-rcqb-2498-77e2
14
vulnerability VCID-rkbn-tn99-rucq
15
vulnerability VCID-shfs-2f4g-13dm
16
vulnerability VCID-tbbj-9qan-ubgg
17
vulnerability VCID-twnx-dt83-nuf3
18
vulnerability VCID-v436-quyu-1kav
19
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.17.1
2
url pkg:pypi/mlflow@2.17.2
purl pkg:pypi/mlflow@2.17.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-2pbf-wr1w-gkdt
3
vulnerability VCID-57gp-hzcs-nubp
4
vulnerability VCID-5a75-gxh6-5bak
5
vulnerability VCID-b5eg-nt7k-z7fw
6
vulnerability VCID-cu1t-7wnm-y7hk
7
vulnerability VCID-g8qn-qss3-sqcc
8
vulnerability VCID-g9p5-4cqv-qfew
9
vulnerability VCID-hu7e-n16j-rubw
10
vulnerability VCID-hz26-bm34-gkfx
11
vulnerability VCID-nzpp-uvn2-97dn
12
vulnerability VCID-q3e8-gwag-jbfd
13
vulnerability VCID-rcqb-2498-77e2
14
vulnerability VCID-rkbn-tn99-rucq
15
vulnerability VCID-shfs-2f4g-13dm
16
vulnerability VCID-tbbj-9qan-ubgg
17
vulnerability VCID-twnx-dt83-nuf3
18
vulnerability VCID-v436-quyu-1kav
19
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.17.2
3
url pkg:pypi/mlflow@2.18.0rc0
purl pkg:pypi/mlflow@2.18.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-hz26-bm34-gkfx
10
vulnerability VCID-nzpp-uvn2-97dn
11
vulnerability VCID-q3e8-gwag-jbfd
12
vulnerability VCID-rcqb-2498-77e2
13
vulnerability VCID-rkbn-tn99-rucq
14
vulnerability VCID-shfs-2f4g-13dm
15
vulnerability VCID-tbbj-9qan-ubgg
16
vulnerability VCID-twnx-dt83-nuf3
17
vulnerability VCID-v436-quyu-1kav
18
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.18.0rc0
4
url pkg:pypi/mlflow@2.18.0
purl pkg:pypi/mlflow@2.18.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-hz26-bm34-gkfx
10
vulnerability VCID-nzpp-uvn2-97dn
11
vulnerability VCID-q3e8-gwag-jbfd
12
vulnerability VCID-rcqb-2498-77e2
13
vulnerability VCID-rkbn-tn99-rucq
14
vulnerability VCID-shfs-2f4g-13dm
15
vulnerability VCID-tbbj-9qan-ubgg
16
vulnerability VCID-twnx-dt83-nuf3
17
vulnerability VCID-v436-quyu-1kav
18
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.18.0
5
url pkg:pypi/mlflow@2.19.0rc0
purl pkg:pypi/mlflow@2.19.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-hz26-bm34-gkfx
10
vulnerability VCID-nzpp-uvn2-97dn
11
vulnerability VCID-q3e8-gwag-jbfd
12
vulnerability VCID-rcqb-2498-77e2
13
vulnerability VCID-rkbn-tn99-rucq
14
vulnerability VCID-shfs-2f4g-13dm
15
vulnerability VCID-tbbj-9qan-ubgg
16
vulnerability VCID-twnx-dt83-nuf3
17
vulnerability VCID-v436-quyu-1kav
18
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.19.0rc0
6
url pkg:pypi/mlflow@2.19.0
purl pkg:pypi/mlflow@2.19.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-nzpp-uvn2-97dn
10
vulnerability VCID-q3e8-gwag-jbfd
11
vulnerability VCID-rcqb-2498-77e2
12
vulnerability VCID-rkbn-tn99-rucq
13
vulnerability VCID-shfs-2f4g-13dm
14
vulnerability VCID-tbbj-9qan-ubgg
15
vulnerability VCID-twnx-dt83-nuf3
16
vulnerability VCID-v436-quyu-1kav
17
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.19.0
7
url pkg:pypi/mlflow@2.20.0rc0
purl pkg:pypi/mlflow@2.20.0rc0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-nzpp-uvn2-97dn
10
vulnerability VCID-q3e8-gwag-jbfd
11
vulnerability VCID-rcqb-2498-77e2
12
vulnerability VCID-rkbn-tn99-rucq
13
vulnerability VCID-shfs-2f4g-13dm
14
vulnerability VCID-tbbj-9qan-ubgg
15
vulnerability VCID-twnx-dt83-nuf3
16
vulnerability VCID-v436-quyu-1kav
17
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.20.0rc0
8
url pkg:pypi/mlflow@2.20.0
purl pkg:pypi/mlflow@2.20.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-nzpp-uvn2-97dn
10
vulnerability VCID-q3e8-gwag-jbfd
11
vulnerability VCID-rcqb-2498-77e2
12
vulnerability VCID-rkbn-tn99-rucq
13
vulnerability VCID-shfs-2f4g-13dm
14
vulnerability VCID-tbbj-9qan-ubgg
15
vulnerability VCID-twnx-dt83-nuf3
16
vulnerability VCID-v436-quyu-1kav
17
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.20.0
9
url pkg:pypi/mlflow@2.20.1
purl pkg:pypi/mlflow@2.20.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-nzpp-uvn2-97dn
10
vulnerability VCID-q3e8-gwag-jbfd
11
vulnerability VCID-rcqb-2498-77e2
12
vulnerability VCID-rkbn-tn99-rucq
13
vulnerability VCID-shfs-2f4g-13dm
14
vulnerability VCID-tbbj-9qan-ubgg
15
vulnerability VCID-twnx-dt83-nuf3
16
vulnerability VCID-v436-quyu-1kav
17
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.20.1
10
url pkg:pypi/mlflow@2.20.2
purl pkg:pypi/mlflow@2.20.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1rkq-1ed6-fkd8
1
vulnerability VCID-2p2m-e3dw-kuhs
2
vulnerability VCID-57gp-hzcs-nubp
3
vulnerability VCID-5a75-gxh6-5bak
4
vulnerability VCID-b5eg-nt7k-z7fw
5
vulnerability VCID-cu1t-7wnm-y7hk
6
vulnerability VCID-g8qn-qss3-sqcc
7
vulnerability VCID-g9p5-4cqv-qfew
8
vulnerability VCID-hu7e-n16j-rubw
9
vulnerability VCID-nzpp-uvn2-97dn
10
vulnerability VCID-q3e8-gwag-jbfd
11
vulnerability VCID-rcqb-2498-77e2
12
vulnerability VCID-rkbn-tn99-rucq
13
vulnerability VCID-shfs-2f4g-13dm
14
vulnerability VCID-tbbj-9qan-ubgg
15
vulnerability VCID-twnx-dt83-nuf3
16
vulnerability VCID-v436-quyu-1kav
17
vulnerability VCID-wp3u-ssnj-tyh8
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/mlflow@2.20.2
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1473
reference_id
reference_type
scores
0
value 0.00162
scoring_system epss
scoring_elements 0.36915
published_at 2026-06-08T12:55:00Z
1
value 0.00162
scoring_system epss
scoring_elements 0.36954
published_at 2026-06-07T12:55:00Z
2
value 0.00162
scoring_system epss
scoring_elements 0.36987
published_at 2026-06-06T12:55:00Z
3
value 0.00162
scoring_system epss
scoring_elements 0.36981
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1473
1
reference_url https://github.com/mlflow/mlflow
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/mlflow/mlflow
2
reference_url https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:49:00Z/
url https://github.com/mlflow/mlflow/commit/ecfa61cb43d3303589f3b5834fd95991c9706628
3
reference_url https://huntr.com/bounties/43dc50b6-7d1e-41b9-9f97-f28809df1d45
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-20T17:49:00Z/
url https://huntr.com/bounties/43dc50b6-7d1e-41b9-9f97-f28809df1d45
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-1473
reference_id CVE-2025-1473
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-1473
5
reference_url https://github.com/advisories/GHSA-969w-gqqr-g6j3
reference_id GHSA-969w-gqqr-g6j3
reference_type
scores
url https://github.com/advisories/GHSA-969w-gqqr-g6j3
Weaknesses
0
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-q3e8-gwag-jbfd