System	Score	Found at
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2023-6015
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-f798-qm4r-23r5
cvssv3.1	10.0	https://github.com/mlflow/mlflow
generic_textual	CRITICAL	https://github.com/mlflow/mlflow
cvssv3.1	10.0	https://github.com/mlflow/mlflow/commit/cf83dad4df26dd4a850622fe8a51ccab1471a5e7
generic_textual	CRITICAL	https://github.com/mlflow/mlflow/commit/cf83dad4df26dd4a850622fe8a51ccab1471a5e7
cvssv3.1	10.0	https://github.com/mlflow/mlflow/pull/10330
generic_textual	CRITICAL	https://github.com/mlflow/mlflow/pull/10330
cvssv3.1	10.0	https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3
generic_textual	CRITICAL	https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3
cvssv3.1	10.0	https://nvd.nist.gov/vuln/detail/CVE-2023-6015
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2023-6015

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2023-6015
		https://github.com/mlflow/mlflow
		https://github.com/mlflow/mlflow/commit/cf83dad4df26dd4a850622fe8a51ccab1471a5e7
		https://github.com/mlflow/mlflow/pull/10330
		https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3
CVE-2023-6015		https://nvd.nist.gov/vuln/detail/CVE-2023-6015
GHSA-f798-qm4r-23r5		https://github.com/advisories/GHSA-f798-qm4r-23r5

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/mlflow/mlflow

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/mlflow/mlflow/commit/cf83dad4df26dd4a850622fe8a51ccab1471a5e7

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://github.com/mlflow/mlflow/pull/10330

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://huntr.com/bounties/43e6fb72-676e-4670-a225-15d6836f65d3

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6015

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Percentile	0.73781
EPSS Score	0.00767
Published At	May 30, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-30T21:02:33.383455+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/mlflow/CVE-2023-6015.yml	38.6.0