mlflow vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
|---|---|---|
| CVE-2026-2651 | Critical | mlflow: MLflow allows unauthorized access to multipart upload endpoints when the `--serve-artifacts` mode… |
| CVE-2026-2734 | Medium | mlflow: MLflow authenticated users can enumerate any registered model versions due to lack of per-model… |
| CVE-2026-2611 | Critical | mlflow: MLflow: Improper Origin Validation in MLflow Assistant /ajax-api Endpoints Enables Browser-Mediated… |
| CVE-2026-4137 | High | mlflow: MLFlow Creates a Temporary File With Insecure Permissions |
| CVE-2026-2652 | High | mlflow: MLflow: unauthenticated access to certain FastAPI routes |
| CVE-2026-2614 | High | mlflow: MLflow allows an unauthenticated remote attacker to read arbitrary files from the server's… |
| CVE-2026-2393 | High | mlflow: MLflow Has a Server-Side Request Forgery (SSRF) Vulnerability |
| CVE-2026-33866 | Medium | mlflow: MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint |
| CVE-2026-33865 | Medium | mlflow: MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based… |
| CVE-2026-0545 | Critical | mlflow: mlflow: FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or… |
| CVE-2026-0596 | Critical | mlflow: Mlflow: Command Injection when serving models with enable_mlserver=True |
| CVE-2025-15379 | Critical | mlflow: MLflow Command Injection vulnerability |
| CVE-2025-15036 | Critical | mlflow: MLFlow path traversal vulnerability |
| CVE-2025-15381 | High | mlflow: MLFlow allows Tracing + Assessments Access |
| CVE-2025-15031 | High | mlflow: Arbitrary file write via tar traversal in mlflow |
| CVE-2025-14287 | High | mlflow: MLflow has a command injection in `mlflow/sagemaker/__init__.py` |
| CVE-2026-2635 | Critical | mlflow: MLflow Use of Default Password Authentication Bypass Vulnerability |
| CVE-2026-2033 | High | mlflow: MLflow Tracking Server Artifact Handler Directory Traversal Remote Code Execution Vulnerability |
| CVE-2025-10279 | High | mlflow: mlflow Creates of Temporary File in Directory with Insecure Permissions |
| CVE-2025-14279 | High | mlflow: MLFlow is vulnerable to DNS rebinding attacks due to a lack of Origin header validation |
| CVE-2025-11200 | High | mlflow: MLflow Weak Password Requirements Authentication Bypass Vulnerability |
| CVE-2025-11201 | High | mlflow: MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability |
| CVE-2025-52967 | Medium | mlflow: MLFlow SSRF via gateway_proxy_handler |
| CVE-2025-1473 | Medium | mlflow: MLflow Cross-Site Request Forgery (CSRF) vulnerability |
| CVE-2025-1474 | Low | mlflow: MLflow has Weak Password Requirements |
