Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

MLflow — Vulnerabilities & Security Advisories 61

Browse all 61 CVE security advisories affecting MLflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by MLflow:mlflow/mlflowMLflow
CVE IDTitleCVSSSeverityPublished
CVE-2026-33866 Authorization Bypass in MLflow AJAX Endpoint — MlflowCWE-862 4.3AIMediumAI2026-04-07
CVE-2026-33865 Stored XSS via unsafe YAML parsing in MLflow — MlflowCWE-79 5.4AIMediumAI2026-04-07
CVE-2026-0545 Missing Authentication for Critical Function in mlflow/mlflow — mlflow/mlflowCWE-306 9.8AICriticalAI2026-04-03
CVE-2026-0596 Command Injection in mlflow/mlflow — mlflow/mlflowCWE-78 7.8 -2026-03-31
CVE-2025-15379 Command Injection in mlflow/mlflow — mlflow/mlflowCWE-77 8.8 -2026-03-30
CVE-2025-15036 Path Traversal Vulnerability in mlflow/mlflow — mlflow/mlflowCWE-29 8.4 -2026-03-30
CVE-2025-15381 Unauthorized Access to Tracing and Assessment Endpoints in mlflow/mlflow — mlflow/mlflowCWE-200 5.4 -2026-03-27
CVE-2025-15031 Path Traversal Vulnerability in mlflow/mlflow — mlflow/mlflowCWE-22 7.8 -2026-03-18
CVE-2025-14287 Command Injection in mlflow/mlflow — mlflow/mlflowCWE-94 9.8 -2026-03-15
CVE-2026-2635 MLflow Use of Default Password Authentication Bypass Vulnerability — MLflowCWE-1393 9.8AICriticalAI2026-02-20
CVE-2026-2033 MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability — MLflowCWE-22 9.8AICriticalAI2026-02-20
CVE-2025-10279 Privilege Escalation in mlflow/mlflow — mlflow/mlflowCWE-379 7.0AIHighAI2026-02-02
CVE-2025-14279 DNS Rebinding Vulnerability in mlflow/mlflow — mlflow/mlflowCWE-346 8.8AIHighAI2026-01-12
CVE-2025-11200 MLflow Weak Password Requirements Authentication Bypass Vulnerability — MLflowCWE-521 9.8AICriticalAI2025-10-29
CVE-2025-11201 MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability — MLflowCWE-22 9.8AICriticalAI2025-10-29
CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow — mlflow/mlflowCWE-410 7.5 -2025-03-20
CVE-2025-1473 CSRF in mlflow/mlflow — mlflow/mlflowCWE-352 8.8 -2025-03-20
CVE-2025-1474 Weak Password Requirements in mlflow/mlflow — mlflow/mlflowCWE-521 9.8 -2025-03-20
CVE-2024-8859 Path Traversal in mlflow/mlflow — mlflow/mlflowCWE-29 7.5 -2025-03-20
CVE-2024-6838 Uncontrolled Resource Consumption in mlflow/mlflow — mlflow/mlflowCWE-400 8.2 -2025-03-20
CVE-2024-2928 Local File Inclusion (LFI) via URI Fragment Parsing in mlflow/mlflow — mlflow/mlflowCWE-29 7.5AIHighAI2024-06-06
CVE-2024-0520 Remote Code Execution due to Full Controlled File Write in mlflow/mlflow — mlflow/mlflowCWE-22 9.8AICriticalAI2024-06-06
CVE-2024-3099 Denial of Service and Data Model Poisoning via URL Encoding in mlflow/mlflow — mlflow/mlflowCWE-475 8.1AIHighAI2024-06-06
CVE-2024-37061 MLflow 安全漏洞 — MLflowCWE-94 8.8 High2024-06-04
CVE-2024-37060 MLflow 安全漏洞 — MLflowCWE-502 8.8 High2024-06-04
CVE-2024-37059 Mlflow 安全漏洞 — MLflowCWE-502 8.8 High2024-06-04
CVE-2024-37058 MLflow 安全漏洞 — MLflowCWE-502 8.8 High2024-06-04
CVE-2024-37057 MLflow 安全漏洞 — MLflowCWE-502 8.8 High2024-06-04
CVE-2024-37056 MLflow 安全漏洞 — MLflowCWE-502 8.8 High2024-06-04
CVE-2024-37055 MLflow 安全漏洞 — MLflowCWE-502 8.8 High2024-06-04

This page lists every published CVE security advisory associated with MLflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.