Latest version: v2.19.0
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2024-1483 | 71589 |
A path traversal vulnerability exists in mlflow/mlflow version 2.9.2,… |
|
- | - |
| CVE-2023-6709 | 62995 |
mlflow 2.9.2 addresses an Improper Neutralization of Special Elements… |
|
HIGH | 8.8 |
| CVE-2024-1560 | 71588 |
A path traversal vulnerability exists in the mlflow/mlflow repository… |
|
- | - |
| CVE-2023-6568 | 62994 |
mlflow 2.9.2 addresses a vulnerability that allows an attacker to inj… |
|
MEDIUM | 6.1 |
| CVE-2023-6753 | 62996 |
Mlflow 2.9.2 fixes for Windows Path Traversal attack. #NOTE: This vu… |
|
HIGH | 8.8 |
| CVE-2024-1594 | 71795 |
A path traversal vulnerability exists in the mlflow/mlflow repository… |
|
- | - |
| CVE-2024-0520 | 71965 |
A vulnerability in mlflow/mlflow allows for remote code execution due… |
|
HIGH | 8.8 |
| CVE-2023-6018 | 62992 |
MLflow version 2.9.0 addresses a vulnerability that previously allowe… |
|
CRITICAL | 9.8 |
| CVE-2023-6015 | 62990 |
MLflow 2.8.1 includes a fix for CVE-2023-6015: Mlflow allowed arbitra… |
|
HIGH | 7.5 |
| CVE-2023-43472 | 62993 |
An issue in MLFlow versions 2.8.1 and before allows a remote attacker… |
|
HIGH | 7.5 |
| CVE-2023-6014 | 62991 |
MLflow version 2.8.0 addresses a vulnerability that previously allowe… |
|
CRITICAL | 9.8 |
| CVE-2023-3765 | 60598 |
Mlflow 2.6.0 includes a fix for CVE-2023-3765: Multiple path traversa… |
|
CRITICAL | 10.0 |
| CVE-2023-4033 | 60599 |
Mlflow 2.6.0 includes a fix for a Command Injection vulnerability. h… |
|
HIGH | 7.8 |
| PVE-2023-58982 | 58982 |
Mlflow 2.4.1 includes a fix for a local file inclusion vulnerability.… |
|
HIDDEN | X.Y |
| CVE-2023-2356 | 60592 |
Mlflow 2.3.1 includes a fix for a Relative Path Traversal vulnerabili… |
|
HIGH | 7.5 |
| PVE-2023-58929 | 58929 |
Mlflow 2.3.1 includes a fix for LFI vulnerability by disabling the ab… |
|
- | - |
| CVE-2023-2780 | 60590 |
Mlflow 2.3.0 includes a fix for a Path Traversal vulnerability. http… |
|
CRITICAL | 9.8 |
| CVE-2023-1177 | 55009 |
Mlflow 2.2.1 includes a fix for CVE-2023-1177: Path Traversal: '\..\f… |
|
CRITICAL | 9.8 |
| CVE-2023-1176 | 55010 |
Mlflow 2.2.1 includes a fix for CVE-2023-1176: Remote file existence … |
|
LOW | 3.3 |
| CVE-2024-27134 | 74438 |
Affected versions of MLflow are vulnerable to Incorrect Default Permi… |
|
- | - |
| PVE-2024-72394 | 72394 |
Affected versions of LangChain have a callback injection issue with a… |
|
- | - |
| CVE-2024-1135 | 70904 |
Mlflow version 2.12.2 updates its gunicorn dependency to version 22 t… |
|
- | - |
| CVE-2024-4263 | 71586 |
A broken access control vulnerability exists in mlflow/mlflow affecte… |
|
- | - |
| CVE-2024-3848 | 71698 |
A path traversal vulnerability exists in mlflow/mlflow affected versi… |
|
- | - |
| CVE-2024-1593 | 71963 |
A path traversal vulnerability exists in the mlflow/mlflow repository… |
|
- | - |
| PVE-2024-67933 | 67933 |
Mlflow 2.12.0 has implemented a security patch to address a critical … |
|
- | - |
| CVE-2024-1558 | 71585 |
A path traversal vulnerability exists in the `_create_model_version()… |
|
- | - |
| CVE-2024-2928 | 71796 |
Affected versions of Mlflow are vulnerable to Local File Inclusion (L… |
|
HIGH | 7.5 |
| CVE-2024-3099 | 71582 |
Affected versions of Mlflow allow attackers to create multiple models… |
|
MEDIUM | 5.4 |
| CVE-2024-27133 | 68486 |
Insufficient sanitization in MLflow leads to XSS when running a recip… |
|
- | - |
| CVE-2024-27132 | 68487 |
Insufficient sanitization in MLflow leads to XSS when running an untr… |
|
- | - |
| CVE-2024-3573 | 71964 |
mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to impr… |
|
- | - |
| CVE-2024-37057 | 71692 |
Deserialization of untrusted data can occur in affected versions of t… |
|
- | - |
| CVE-2023-30172 | 60591 |
Mlflow 2.0.0rc0 includes a fix for a Directory Traversal vulnerabilit… |
|
HIGH | 7.5 |
| CVE-2024-37060 | 71579 |
Deserialization of untrusted data can occur in versions of the MLflow… |
|
- | - |
| CVE-2024-37055 | 71693 |
Deserialization of untrusted data can occur in affected versions of t… |
|
- | - |
| CVE-2024-37056 | 71584 |
Deserialization of untrusted data can occur in versions of the MLflow… |
|
- | - |
| CVE-2024-37061 | 71581 |
Remote Code Execution can occur in versions of the MLflow platform af… |
|
- | - |
| CVE-2024-37052 | 71577 |
Deserialization of untrusted data can occur in versions of the MLflow… |
|
- | - |
| CVE-2024-37053 | 71578 |
Deserialization of untrusted data can occur in versions of the MLflow… |
|
- | - |
| CVE-2023-6977 | 65222 |
This vulnerability enables malicious users to read sensitive files on… |
|
HIGH | 7.5 |
| CVE-2024-37054 | 71587 |
Deserialization of untrusted data can occur in affected versions of t… |
|
- | - |
| CVE-2024-37059 | 71691 |
Deserialization of untrusted data can occur in affected versions of t… |
|
- | - |
| CVE-2023-6831 | 65216 |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow pri… |
|
HIGH | 8.1 |
| CVE-2023-6909 | 65217 |
Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow pri… |
|
HIGH | 7.5 |
| CVE-2023-6974 | 65219 |
A malicious user could use this issue to access internal HTTP(s) serv… |
|
CRITICAL | 9.8 |
| CVE-2023-6976 | 65221 |
This vulnerability is capable of writing arbitrary files into arbitra… |
|
HIGH | 8.8 |
| CVE-2023-6975 | 65220 |
A malicious user could use this issue to get command execution on the… |
|
CRITICAL | 9.8 |
| CVE-2023-6940 | 65218 |
with only one user interaction(download a malicious config), attacker… |
|
HIGH | 8.8 |
| CVE-2022-0736 | 54175 |
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1… |
|
HIGH | 7.5 |