208 matches found
EUVD-2024-1956
Malicious code in bioql PyPI...
EUVD-2024-1966
Malicious code in bioql PyPI...
EUVD-2025-18888
Malicious code in bioql PyPI...
EUVD-2025-6836
Malicious code in bioql PyPI...
EUVD-2024-1979
Malicious code in bioql PyPI...
EUVD-2025-6960
Malicious code in bioql PyPI...
EUVD-2023-0156
Malicious code in bioql PyPI...
EUVD-2024-1934
Malicious code in bioql PyPI...
abadpour (>=6.13.1 <=7.24.1), abcli (>=9.273.1 <=9.572.1) +693 more potentially affected by CVE-2025-10279 via mlflow (>=3.0.0rc2 <=3.4.0)
mlflow PYPI version =3.0.0rc2, =6.13.1, =9.273.1, =2.0.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.1.0, =1.0.0, =0.1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-10279 Source advisory: SNYK:PYTHON-MLFLOW-15170849...
Exploit for Deserialization of Untrusted Data in Lfprojects Mlflow
| / || |...
BIT-MLFLOW-2025-1473 CSRF in mlflow/mlflow
A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...
BIT-MLFLOW-2024-8859 Path Traversal in mlflow/mlflow
A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL directly into the file protocol results in an arbitrary file read vulnerability. This issue occurs because only the path part of the URL is checked, while...
Server Side Request Forgery (SSRF)
mlflow is vulnerable to missing input validation. The vulnerability is due to missing validation of the gatewaypath parameter in the gatewayproxyhandler function, allowing an attacker to manipulate the request path to access unintended internal endpoints or services...
SSRF in MLflow via user-controlled gateway_path parameter
Description A Server-Side Request Forgery SSRF vulnerability exists in the gatewayproxyhandler function of MLflow. This function accepts a user-controlled gatewaypath parameter and concatenates it directly with a targeturi, allowing an attacker to control the full outbound HTTP request path from...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +217 more potentially affected by CVE-2025-52967 via mlflow (>=0.8.2 <=2.22.0)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-52967 Source advisory: OSV:GHSA-WXJ7-3FX5-PP9M...
MLFlow SSRF via gateway_proxy_handler
gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...
GHSA-WXJ7-3FX5-PP9M MLFlow SSRF via gateway_proxy_handler
gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...
PT-2025-26607
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 3.1.0 Description: The issue is related to the gateway proxy handler in MLflow, which lacks gateway path validation. This could potentially lead to exploitation. Recommendations: For versions prior to 3.1.0, update to...
CVE-2025-52967
gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...
CVE-2025-52967
gatewayproxyhandler in MLflow before 3.1.0 lacks gatewaypath validation...