Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: lfprojects Clear
ID Title
CVE-2026-8147 Vulnerability in lfprojects (CVE-2026-8147)
vulnerability in lfprojects (CVE-2026-8147). Confidential information can be exposed externally. Exploitable via ``_before_request``.
CVE-2026-13484 Vulnerability in lfprojects (CVE-2026-13484)
vulnerability in lfprojects (CVE-2026-13484). Risk of unauthorized operations or information disclosure.
CVE-2026-10803 Vulnerability in mlflow (CVE-2026-10803)
vulnerability in mlflow (CVE-2026-10803). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.10.1` or later.
CVE-2026-4035 Vulnerability in mlflow (CVE-2026-4035)
vulnerability in mlflow (CVE-2026-4035). Confidential information can be exposed externally. Exploitable via ``api_key``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-3198 Vulnerability in mlflow (CVE-2026-3198)
vulnerability in mlflow (CVE-2026-3198). Confidential information can be exposed externally. Exploitable via ``BEFORE_REQUEST_HANDLERS``. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2651 Vulnerability in mlflow (CVE-2026-2651)
vulnerability in mlflow (CVE-2026-2651). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.1` or later.
CVE-2026-2734 Vulnerability in mlflow (CVE-2026-2734)
vulnerability in mlflow (CVE-2026-2734). Confidential information can be exposed externally. Exploitable via ``SearchModelVersions``. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2611 Vulnerability in mlflow (CVE-2026-2611)
vulnerability in mlflow (CVE-2026-2611). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-4137 Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-2652 Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2614 MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
CVE-2026-2393 SSRF (Server-Side Request Forgery) in mlflow (CVE-2026-2393)
SSRF in mlflow (CVE-2026-2393). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `3.9.0` or later.
CVE-2026-44430 SSRF (Server-Side Request Forgery) in github.com/modelcontextprotocol/registry (CVE-2026-44430)
SSRF in github.com/modelcontextprotocol/registry (CVE-2026-44430). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/http`. Mitigation: upgrade to `1.7.7` or later.
CVE-2026-44429 Vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429)
vulnerability in github.com/modelcontextprotocol/registry (CVE-2026-44429). Risk of unauthorized operations or information disclosure. Exploitable via `POST /v0/auth/github-at`. Mitigation: upgrade to `1.7.7` or later.
CVE-2026-44428 SSRF (Server-Side Request Forgery) in github.com/modelcontextprotocol/registry (CVE-2026-44428)
SSRF in github.com/modelcontextprotocol/registry (CVE-2026-44428). Risk of unauthorized operations or information disclosure. Exploitable via ``c5c4b9e8890dd5754bee889b2f1417f4fe3b5ce5``. Mitigation: upgrade to `1.7.6` or later.
CVE-2026-0545 Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
CVE-2026-34742 Vulnerability in lfprojects (CVE-2026-34742)
vulnerability in lfprojects (CVE-2026-34742). Confidential information can be exposed externally.
CVE-2026-34237 Vulnerability in io.modelcontextprotocol.sdk:mcp-core (CVE-2026-34237)
vulnerability in io.modelcontextprotocol.sdk:mcp-core (CVE-2026-34237). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.18.3` or later.
CVE-2025-15379 Command Injection in lfprojects (CVE-2025-15379)
command injection in lfprojects (CVE-2025-15379). Successful exploitation can lead to full system takeover. Exploitable via ``python_env.yaml``.
CVE-2025-15036 Vulnerability in path-traversal (CVE-2025-15036)
vulnerability in path-traversal (CVE-2025-15036). Successful exploitation can lead to full system takeover. Exploitable via ``extract_archive_to_dir``.
CVE-2025-15381 Information Disclosure in lfprojects (CVE-2025-15381)
vulnerability in lfprojects (CVE-2025-15381). Data can be tampered with by attackers. Exploitable via ``NO_PERMISSIONS``.
CVE-2025-15031 Path Traversal in lfprojects (CVE-2025-15031)
path traversal in lfprojects (CVE-2025-15031). Confidential information can be exposed externally. Exploitable via ``tarfile.extractall``.
CVE-2025-14287 Code Injection in lfprojects (CVE-2025-14287)
code injection in lfprojects (CVE-2025-14287). Successful exploitation can lead to full system takeover.
CVE-2026-27896 Vulnerability in lfprojects (CVE-2026-27896)
vulnerability in lfprojects (CVE-2026-27896). Data can be tampered with by attackers.
CVE-2026-27623 Vulnerability in lfprojects (CVE-2026-27623)
vulnerability in lfprojects (CVE-2026-27623). Risk of unauthorized operations or information disclosure.
CVE-2026-21863 Out-of-Bounds Read in lfprojects (CVE-2026-21863)
vulnerability in lfprojects (CVE-2026-21863). Risk of unauthorized operations or information disclosure.
CVE-2025-67733 Vulnerability in lfprojects (CVE-2025-67733)
vulnerability in lfprojects (CVE-2025-67733). Risk of unauthorized operations or information disclosure.
CVE-2026-25536 Vulnerability in lfprojects (CVE-2026-25536)
vulnerability in lfprojects (CVE-2026-25536). Confidential information can be exposed externally.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →