| CVE-2025-15036 | critical | 10.0 | 10.0 | 2mo ago | MLFlow path traversal vulnerability |
| CVE-2025-15379 | critical | 9.8 | 9.8 | 2mo ago | MLflow Command Injection vulnerability |
| CVE-2026-0596 | critical | — | 9.5 | 2mo ago | Mlflow: Command Injection when serving models with enable_mlserver=True |
| CVE-2026-2652 | high | 8.6 | 8.6 | 20d ago | MLflow: unauthenticated access to certain FastAPI routes |
| CVE-2026-4137 | high | 7.8 | 7.8 | 16d ago | In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary directories with world-writable permissions (0o777), and the `_… |
| CVE-2026-2614 | high | 7.5 | 7.5 | 23d ago | MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem |
| CVE-2026-2393 | high | 7.1 | 7.1 | 23d ago | MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability |
| CVE-2025-15381 | high | 7.1 | 7.1 | 2mo ago | MLFlow allows Tracing + Assessments Access |
| CVE-2026-33865 | unknown | — | — | 2mo ago | MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file … |
| CVE-2026-33866 | unknown | — | — | 2mo ago | MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given exp… |
| CVE-2026-0545 | unknown | — | — | 2mo ago | mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization |
| CVE-2025-15031 | unknown | — | — | 3mo ago | Arbitrary file write via tar traversal in mlflow |
| CVE-2025-14287 | unknown | — | — | 3mo ago | MLflow has a command injection in mlflow/sagemaker/__init__.py |
| CVE-2026-2033 | unknown | — | — | 3mo ago | MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability |
| CVE-2026-2635 | unknown | — | — | 3mo ago | MLflow Use of Default Password Authentication Bypass Vulnerability |
| CVE-2025-10279 | unknown | — | — | 4mo ago | mlflow Creation of Temporary File in Directory with Insecure Permissions |
| CVE-2025-14279 | unknown | — | — | 5mo ago | MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation |
| CVE-2025-11200 | unknown | — | — | 7mo ago | MLflow Weak Password Requirements Authentication Bypass Vulnerability |
| CVE-2025-11201 | unknown | — | — | 7mo ago | MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability |
| CVE-2025-52967 | unknown | — | — | 1y ago | gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation. |
| CVE-2025-1473 | unknown | — | — | 1y ago | MLflow Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-1474 | unknown | — | — | 1y ago | In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be suscepti… |
| CVE-2025-0453 | unknown | — | — | 1y ago | MLflow Uncontrolled Resource Consumption vulnerability |
| CVE-2024-8859 | unknown | — | — | 1y ago | MLflow has a Local File Read/Path Traversal in dbfs |
| CVE-2024-6838 | unknown | — | — | 1y ago | MLflow Uncontrolled Resource Consumption vulnerability |
| CVE-2024-27134 | unknown | — | — | 2y ago | Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU a… |
| CVE-2024-3099 | unknown | — | — | 2y ago | Undefined Behavior in mlflow |
| CVE-2024-2928 | unknown | — | — | 2y ago | A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure … |
| CVE-2024-0520 | unknown | — | — | 2y ago | A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.… |
| CVE-2024-37058 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37057 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37061 | unknown | — | — | 2y ago | MLFlow improper input validation |
| CVE-2024-37060 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37059 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37053 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37052 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37054 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37055 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-37056 | unknown | — | — | 2y ago | MLFlow unsafe deserialization |
| CVE-2024-3848 | unknown | — | — | 2y ago | A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of a… |
| CVE-2024-4263 | unknown | — | — | 2y ago | A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises… |
| CVE-2024-3573 | unknown | — | — | 2y ago | mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_lo… |
| CVE-2024-1558 | unknown | — | — | 2y ago | mlflow vulnerable to Path Traversal |
| CVE-2024-1594 | unknown | — | — | 2y ago | mlflow vulnerable to Path Traversal |
| CVE-2024-1593 | unknown | — | — | 2y ago | mlflow vulnerable to Path Traversal |
| CVE-2024-1560 | unknown | — | — | 2y ago | mlflow vulnerable to Path Traversal |
| CVE-2024-1483 | unknown | — | — | 2y ago | mlflow Path Traversal vulnerability |
| CVE-2024-27132 | unknown | — | — | 2y ago | Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stem… |
| CVE-2024-27133 | unknown | — | — | 2y ago | Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerabi… |
| CVE-2023-6909 | unknown | — | — | 3y ago | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6977 | unknown | — | — | 3y ago | MLflow Local File Disclosure Vulnerability |
| CVE-2023-6976 | unknown | — | — | 3y ago | MLflow Path Traversal Vulnerability |
| CVE-2023-6975 | unknown | — | — | 3y ago | MLFlow Path Traversal Vulnerability |
| CVE-2023-6974 | unknown | — | — | 3y ago | MLflow Server-Side Request Forgery (SSRF) |
| CVE-2023-6940 | unknown | — | — | 3y ago | mlflow Command Injection vulnerability |
| CVE-2023-6831 | unknown | — | — | 3y ago | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6753 | unknown | — | — | 3y ago | Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6709 | unknown | — | — | 3y ago | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2. |
| CVE-2023-6568 | unknown | — | — | 3y ago | A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malic… |
| CVE-2023-43472 | unknown | — | — | 3y ago | Information exposure in MLflow |
| CVE-2023-6014 | unknown | — | — | 3y ago | MLflow authentication requirement bypass can allow a user to arbitrarily create an account |
| CVE-2023-6018 | unknown | — | — | 3y ago | Remote Code Execution due to Full Controlled File Write in mlflow |
| CVE-2023-6015 | unknown | — | — | 3y ago | MLflow allowed arbitrary files to be PUT onto the server |
| CVE-2023-4033 | unknown | — | — | 3y ago | OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. |
| CVE-2023-3765 | unknown | — | — | 3y ago | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. |
| CVE-2023-2780 | unknown | — | — | 3y ago | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. |
| CVE-2023-30172 | unknown | — | — | 3y ago | A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. |
| CVE-2023-2356 | unknown | — | — | 3y ago | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. |
| CVE-2023-1176 | unknown | — | — | 3y ago | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.2.2. |
| CVE-2023-1177 | unknown | — | — | 3y ago | Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. |
| CVE-2022-0736 | unknown | — | — | 4y ago | Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. |