Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1231 matches found

OSV
OSVadded 2025/03/20 12:32 p.m.1 views

GHSA-Q3GW-8236-5JW4 MLflow Uncontrolled Resource Consumption vulnerability

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS5.9AI score0.00572EPSS
Exploits1References3
vulnersOsv
vulnersOsvadded 2025/03/20 10:47 a.m.5 views

autonomize-model-sdk (=1.0.4), autorad (=0.2.6) +43 more potentially affected by CVE-2024-8859 via mlflow (>=2.0.0rc0 <=2.17.0)

mlflow PYPI version =2.0.0rc0, =0.1.3, =1.2.0, =0.8.0, =0.0.10, =0.0.41, =1.0.0, =0.0.1, =0.1.0, =0.1.5, =1.10.2, =0.1.2, =1.2.7, =0.1.0, =0.2.13 and more Source cves: CVE-2024-8859 Source advisory: SNYK:PYTHON-MLFLOW-9486462...

7.5CVSS7AI score0.02407EPSS
Exploits1
Snyk
Snykadded 2025/03/20 10:47 a.m.2 views

Relative Path Traversal

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Relative Path Traversal in the...

7.7CVSS6.9AI score0.02407EPSS
Exploits1References2
PyPA
PyPAadded 2025/03/20 10:15 a.m.7 views

PYSEC-2025-17

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

5.5CVSS6.7AI score0.00312EPSS
Exploits1References4Affected Software1
vulnersOsv
vulnersOsvadded 2025/03/20 10:15 a.m.3 views

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +190 more potentially affected by CVE-2025-1474 via mlflow (>=0.8.2 <=2.18.0)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.0.1, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =3.3.0 and more Source cves: CVE-2025-1474 Source advisory: OSV:PYSEC-2025-17...

5.5CVSS5.8AI score0.00312EPSS
Exploits1
OSV
OSVadded 2025/03/20 10:15 a.m.13 views

PYSEC-2025-17

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

5.5CVSS5.2AI score0.00312EPSS
Exploits1References4
OSV
OSVadded 2025/03/20 10:15 a.m.5 views

CVE-2025-1474

In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to security risks, as accounts without passwords may be susceptible to unauthorized access. Additionally, this issue violates best practices for secure user accou...

5.5CVSS6.9AI score
Exploits0References2
OSV
OSVadded 2025/03/20 10:15 a.m.8 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5CVSS7AI score
Exploits0References1
OSV
OSVadded 2025/03/20 10:15 a.m.4 views

CVE-2025-1473

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

7.1CVSS7.1AI score
Exploits0References2
NVD
NVDadded 2025/03/20 10:15 a.m.24 views

CVE-2025-0453

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

7.5CVSS0.00481EPSS
Exploits1References1
NVD
NVDadded 2025/03/20 10:15 a.m.9 views

CVE-2025-1473

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

7.1CVSS0.00195EPSS
Exploits1References2
OSV
OSVadded 2025/03/20 10:15 a.m.5 views

CVE-2024-8859

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

7.5CVSS6.9AI score
Exploits0References2
NVD
NVDadded 2025/03/20 10:15 a.m.5 views

CVE-2024-8859

A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...

7.5CVSS0.02407EPSS
Exploits1References2
OSV
OSVadded 2025/03/20 10:15 a.m.6 views

CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS7AI score
Exploits0References1
NVD
NVDadded 2025/03/20 10:15 a.m.20 views

CVE-2024-6838

In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of integers in its name due to the lack of a limit on the experiment name. This can cause the MLflow UI panel to become unresponsive, leading to a potential denial of...

5.3CVSS0.00572EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2025/03/20 10:11 a.m.11 views

CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

5.9CVSS5.7AI score0.00481EPSS
Exploits1References1
Cvelist
Cvelistadded 2025/03/20 10:11 a.m.16 views

CVE-2025-0453 Denial of Service through Batched Queries in GraphQL in mlflow/mlflow

In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to a denial of service attack. An attacker can create large batches of queries that repeatedly request all runs from a given experiment. This can tie up all the workers allocated by MLFlow, rendering the application unable to...

5.9CVSS0.00481EPSS
Exploits1References1
CVE
CVEadded 2025/03/20 10:11 a.m.88 views

CVE-2025-0453

CVE-2025-0453 : In mlflow/mlflow version 2.17.2, the /graphql endpoint is vulnerable to denial of service via large batches of queries that repeatedly request all runs from a given experiment, causing uncontrolled resource consumption and making the application unresponsive. The issue is document...

7.5CVSS5.7AI score0.00481EPSS
Exploits1References1Affected Software1
Cvelist
Cvelistadded 2025/03/20 10:10 a.m.9 views

CVE-2025-1473 CSRF in mlflow/mlflow

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

5.4CVSS0.00195EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2025/03/20 10:10 a.m.3 views

CVE-2025-1473 CSRF in mlflow/mlflow

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

5.4CVSS5.5AI score0.00195EPSS
Exploits1References2
Rows per page
Query Builder