Latest version: v0.70.0
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2024-25723 | 65699 |
ZenML Server in the ZenML package before 0.46.7 for Python allows rem… |
|
- | - |
| CVE-2024-5062 | 72088 |
Zenml-io/zenml affected versions have a reflected Cross-Site Scriptin… |
|
MEDIUM | 6.1 |
| CVE-2024-4460 | 71854 |
A denial of service (DoS) vulnerability exists in affected versions o… |
|
- | - |
| CVE-2024-4311 | 74260 |
Affected versions of zenml-io/zenml before are vulnerable to Open Red… |
|
- | - |
| CVE-2024-27454 | 67583 |
Zenml version 0.56.3 has upgraded its orjson dependency to "~3.10.0" … |
|
- | - |
| CVE-2024-24762 | 67571 |
Zenml version 0.56.3 has broadened its compatibility with FastAPI, no… |
|
HIGH | 7.5 |
| CVE-2024-2383 | 71949 |
A clickjacking vulnerability exists in zenml-io/zenml due to the appl… |
|
MEDIUM | 6.1 |
| CVE-2024-2213 | 71952 |
Affected versions of zenml-io/zenml are vulnerable to Broken Authenti… |
|
LOW | 3.3 |
| PVE-2024-67582 | 67582 |
Zenml version 0.56.3 updates its python-multipart dependency from "~0… |
|
- | - |
| CVE-2024-2035 | 71950 |
An improper authorization vulnerability exists in the zenml-io/zenml … |
|
MEDIUM | 6.5 |
| CVE-2024-2260 | 71955 |
A session fixation vulnerability exists in the zenml-io/zenml applica… |
|
- | - |
| CVE-2024-2171 | 71953 |
A stored Cross-Site Scripting (XSS) vulnerability was identified in t… |
|
MEDIUM | 4.8 |
| CVE-2024-2083 | 71954 |
A directory traversal vulnerability exists in the zenml-io/zenml repo… |
|
- | - |
| CVE-2024-2032 | 71951 |
A race condition vulnerability exists in zenml-io/zenml affected vers… |
|
LOW | 3.1 |
| CVE-2023-36281 | 62203 |
Zenml 0.46.0 updates its dependency 'langchain' to versions ">=0.0.32… |
|
CRITICAL | 9.8 |
| CVE-2023-44467 | 62195 |
Zenml 0.46.0 updates its dependency 'langchain' to versions ">=0.0.32… |
|
CRITICAL | 9.8 |
| CVE-2023-39631 | 62202 |
Zenml 0.46.0 updates its dependency 'langchain' to versions ">=0.0.32… |
|
CRITICAL | 9.8 |
| PVE-2023-60407 | 60407 |
Zenml 0.42.1 disables Implicit Auth Methods for Service Connectors by… |
|
- | - |
| CVE-2023-1177 | 54847 |
Zenml 0.37.0 updates its dependency "mlflow' requirement to '>=1.24.0… |
|
CRITICAL | 9.8 |
| CVE-2024-4680 | 71914 |
Affected versions of zenml-io/zenml allow attackers to reuse old sess… |
|
HIGH | 8.8 |