Symlink Attack

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Symlink Attack due to insufficient validation that artifact paths...

abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +694 more potentially affected by unknown CVE via mlflow (>=3.0.0rc2 <=3.6.0rc0)

mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =0.20.9, =0.21.10 and more Source cves: unknown CVE Source advisory: SNYK:PYTHON-MLFLOW-14806999...

SQL Injection

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to SQL Injection due to unsafe construction of SQL statements in the...

Command Injection via Malicious Model Artifacts

A command injection vulnerability exists in MLflow's model serving container initialization code. When deploying a model with envmanager=LOCAL, MLflow reads dependency specifications from the model artifact's pythonenv.yaml file and directly interpolates them into a shell command without...

MLflow Tarfile Path traversal in mlflow/mlflow

Description Vulnerability Report: Unsafe Tar Extraction Path Traversal Due to the lack of path traversal verification in the tar decompression part, it may lead to the possibility of overwriting any file or gaining elevated privileges. This is a non-expected vulnerability. Location File:...

Weak Password Requirements

MLflow is vulnerable to Weak Password Requirements. The vulnerability is due to weak password requirements in the authentication mechanism, which allows an attacker to bypass authentication and gain unauthorized access to the system...

MLflow SageMaker Command Injection Vulnerability

Description The vulnerability exists in /mlflow/sagemaker/init.py at lines 161-167, where user-supplied container image names are directly interpolated into shell commands without proper sanitization before being passed to os.system. Vulnerable Code Path : CLI Input --container parameter ↓...

CVE-2025-66034 vulnerabilities

Vulnerabilities for packages: mlflow, tensorflow-cpu-jupyter, open-webui...

GHSA-768J-98CG-P3FV vulnerabilities

Vulnerabilities for packages: mlflow, tensorflow-cpu-jupyter, open-webui...

CVE-2025-66034 vulnerabilities

Vulnerabilities for packages: open-webui, tensorflow-gpu-jupyter, mlflow, tensorflow-cpu-jupyter...

GHSA-768J-98CG-P3FV vulnerabilities

Vulnerabilities for packages: open-webui, tensorflow-gpu-jupyter, mlflow, tensorflow-cpu-jupyter...

BIT-MLFLOW-2025-11201 MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw...

BIT-MLFLOW-2025-11200 MLflow Weak Password Requirements Authentication Bypass Vulnerability

MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of MLflow. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of passwords...

CVE-2025-62727 vulnerabilities

Vulnerabilities for packages: kserve, k8s-sidecar, reflex, mlflow, open-webui...

GHSA-7F5H-V6XP-FCQ8 vulnerabilities

Vulnerabilities for packages: kserve, k8s-sidecar, reflex, mlflow, open-webui...

CVE-2025-62727 vulnerabilities

Vulnerabilities for packages: k8s-sidecar, open-webui, reflex, mlflow, nemo, kserve, airflow-core...

GHSA-7F5H-V6XP-FCQ8 vulnerabilities

Vulnerabilities for packages: k8s-sidecar, open-webui, reflex, mlflow, nemo, kserve, airflow-core...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +218 more potentially affected by CVE-2025-11200 via mlflow (>=0.8.2 <=2.22.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-11200 Source advisory: OSV:GHSA-6XJ8-RRQX-R4CV...

GHSA-5CVJ-7RG6-JGGJ MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability

MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MLflow Tracking Server. Authentication is not required to exploit this vulnerability. The specific flaw...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +219 more potentially affected by CVE-2025-11201 via mlflow (>=0.8.2 <=2.22.2)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-11201 Source advisory: OSV:GHSA-5CVJ-7RG6-JGGJ...