Package impact
PyPI / mlflow
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15036 | critical | 10.0 | 10.0 | 2mo ago | MLFlow path traversal vulnerability | |||
| CVE-2025-15379 | critical | 9.8 | 9.8 | 2mo ago | MLflow Command Injection vulnerability | |||
| CVE-2026-2611 | critical | 9.6 | 9.6 | 16d ago | MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated Local Command Execution | |||
| CVE-2026-0596 | critical | — | 9.5 | 2mo ago | Mlflow: Command Injection when serving models with enable_mlserver=True |