databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2025-10279 +1 more via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2025-10279, CVE-2026-4137 Source advisory: SNYK:PYTHON-MLFLOW-16756601...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2026-33866 via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2026-33866 Source advisory: SNYK:PYTHON-MLFLOW-15923601...

databricks-agents (>=0.1.0 <=1.0.0rc1), datamint (>=2.5.0 <=2.5.2) +18 more potentially affected by CVE-2025-15381 via mlflow (>=3.0.0rc2 <=3.10.1)

mlflow PYPI version =3.0.0rc2, =0.1.0, =2.5.0, =7.1.1, =0.2.0, =3.10.1, =1.0.1, =1.0.1, =3.0.15, =0.2.0.dev0, =0.6.7, =0.1.19, =0.1.0, =0.1.8 and more Source cves: CVE-2025-15381 Source advisory: SNYK:PYTHON-MLFLOW-15870196...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +219 more potentially affected by CVE-2025-11201 via mlflow (>=0.8.2 <=2.22.2)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-11201 Source advisory: OSV:GHSA-5CVJ-7RG6-JGGJ...

EUVD-2024-0114

Malicious code in bioql PyPI...

Exploit for Deserialization of Untrusted Data in Lfprojects Mlflow

| / || |...

MLflow Cross-Site Request Forgery (CSRF) vulnerability

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +170 more potentially affected by CVE-2024-6838 via mlflow (>=0.8.2 <=2.13.2)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.1.3, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.3.8 and more Source cves: CVE-2024-6838 Source advisory: OSV:GHSA-Q3GW-8236-5JW4...

CVE-2025-1473

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

CVE-2025-1473 CSRF in mlflow/mlflow

A Cross-Site Request Forgery CSRF vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This vulnerability allows an attacker to create a new account, which may be used to perform unauthorized actions on behalf of the malicious user...

MLflow 跨站请求伪造漏洞

MLflow is an open source platform from MLflow that simplifies machine learning development, including tracking experiments, packaging code into repeatable runs, and sharing and deploying models. A cross-site request forgery vulnerability exists in MLflow versions 2.17.0 through 2.20.1, which stem...

PT-2025-7512 · Mlflow · Mlflow

Name of the Vulnerable Software and Affected Versions: mlflow/mlflow versions 2.17.0 through 2.20.1 Description: A Cross-Site Request Forgery CSRF issue exists in the Signup feature. This allows an attacker to create a new account, which can be used to perform unauthorized actions on behalf of th...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +159 more potentially affected by CVE-2024-3099 via mlflow (>=0.8.2 <=2.11.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-3099 Source advisory: OSV:GHSA-8F8Q-Q2J7-7J2M...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +159 more potentially affected by CVE-2024-2928 via mlflow (>=0.8.2 <=2.11.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-2928 Source advisory: OSV:PYSEC-2024-242...

a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +940 more potentially affected by CVE-2024-37059 via mlflow (>=0.8.2 <=3.4.0)

mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2024-37059 Source advisory: OSV:GHSA-WF7F-8FXF-XFXC...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +145 more potentially affected by CVE-2024-37052 via mlflow (>=1.20.0 <=2.14.1)

mlflow PYPI version =1.20.0, =0.1.0, =0.0.5, =0.1.2, =1.0.72, =0.0.1, =1.0.72.1, =0.2.5, =0.1.3, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-37052 Source advisory: OSV:GHSA-76CG-CFHX-373F...

a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +149 more potentially affected by CVE-2024-27133 via mlflow (>=0.8.2 <=2.0.1)

mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =3.0.0, =0.1.0, =0.2.0, =0.3.5, =0.8.0, =1.0.0 and more Source cves: CVE-2024-27133 Source advisory: OSV:PYSEC-2024-241...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +340 more potentially affected by CVE-2023-6977 via mlflow (>=0.8.2 <=2.9.1)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-6977 Source advisory: OSV:GHSA-QG8P-32GR-GH6X...

Mlflow Cross-Site Scripting Vulnerability

Mlflow is an open source platform for machine learning lifecycle. A cross-site scripting vulnerability exists in Mlflow versions prior to 2.9.0. An attacker exploiting this vulnerability could execute a cross-site scripting attack...

a2 (>=0.1.0 <=0.3.17), abnativ (>=1.1.0 <=1.2.9) +322 more potentially affected by CVE-2023-2780 via mlflow (>=0.8.2 <=2.3.0)

mlflow PYPI version =0.8.2, =0.1.0, =1.1.0, =0.0.5, =0.1.0, =0.1.0, =1.7.0, =1.7.0, =1.8.0, =1.7.0, =1.7.0, =0.1.1, =0.1.5 - anovos =1.1.0 and more Source cves: CVE-2023-2780 Source advisory: OSV:PYSEC-2023-69...