Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: mlflow Clear
ID Title
CVE-2026-8147 Vulnerability in lfprojects (CVE-2026-8147)
vulnerability in lfprojects (CVE-2026-8147). Confidential information can be exposed externally. Exploitable via ``_before_request``.
CVE-2026-13484 Vulnerability in lfprojects (CVE-2026-13484)
vulnerability in lfprojects (CVE-2026-13484). Risk of unauthorized operations or information disclosure.
CVE-2026-10803 Vulnerability in mlflow (CVE-2026-10803)
vulnerability in mlflow (CVE-2026-10803). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.10.1` or later.
CVE-2026-4035 Vulnerability in mlflow (CVE-2026-4035)
vulnerability in mlflow (CVE-2026-4035). Confidential information can be exposed externally. Exploitable via ``api_key``. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-3198 Vulnerability in mlflow (CVE-2026-3198)
vulnerability in mlflow (CVE-2026-3198). Confidential information can be exposed externally. Exploitable via ``BEFORE_REQUEST_HANDLERS``. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2651 Vulnerability in mlflow (CVE-2026-2651)
vulnerability in mlflow (CVE-2026-2651). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.1` or later.
CVE-2026-2734 Vulnerability in mlflow (CVE-2026-2734)
vulnerability in mlflow (CVE-2026-2734). Confidential information can be exposed externally. Exploitable via ``SearchModelVersions``. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2611 Vulnerability in mlflow (CVE-2026-2611)
vulnerability in mlflow (CVE-2026-2611). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-4137 Vulnerability in mlflow (CVE-2026-4137)
vulnerability in mlflow (CVE-2026-4137). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `3.11.0` or later.
CVE-2026-2652 Vulnerability in mlflow (CVE-2026-2652)
vulnerability in mlflow (CVE-2026-2652). Data can be tampered with by attackers. Mitigation: upgrade to `3.10.0` or later.
CVE-2026-2614 MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's filesystem
CVE-2026-2393 SSRF (Server-Side Request Forgery) in mlflow (CVE-2026-2393)
SSRF in mlflow (CVE-2026-2393). Confidential information can be exposed externally. Exploitable via ``url``. Mitigation: upgrade to `3.9.0` or later.
CVE-2026-0545 Vulnerability in dos (CVE-2026-0545)
vulnerability in dos (CVE-2026-0545). Successful exploitation can lead to full system takeover.
CVE-2025-15379 Command Injection in lfprojects (CVE-2025-15379)
command injection in lfprojects (CVE-2025-15379). Successful exploitation can lead to full system takeover. Exploitable via ``python_env.yaml``.
CVE-2025-15036 Vulnerability in path-traversal (CVE-2025-15036)
vulnerability in path-traversal (CVE-2025-15036). Successful exploitation can lead to full system takeover. Exploitable via ``extract_archive_to_dir``.
CVE-2025-15381 Information Disclosure in lfprojects (CVE-2025-15381)
vulnerability in lfprojects (CVE-2025-15381). Data can be tampered with by attackers. Exploitable via ``NO_PERMISSIONS``.
CVE-2025-15031 Path Traversal in lfprojects (CVE-2025-15031)
path traversal in lfprojects (CVE-2025-15031). Confidential information can be exposed externally. Exploitable via ``tarfile.extractall``.
CVE-2025-14287 Code Injection in lfprojects (CVE-2025-14287)
code injection in lfprojects (CVE-2025-14287). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →