CVE-2025-15036 — CVSS 10.0 (critical): A path traversal vulnerability exists in the `extract_archive_to_dir` function within the `mlflow/pyfunc/dbconnect_artifact_cache.py` file…
CVE-2023-6975 — CVSS 9.8 (critical): A malicious user could use this issue to get command execution on the vulnerable machine and get access to data & models information.
CVE-2026-0545 — CVSS 9.8 (critical): In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the…
CVE-2025-15379 — CVSS 9.8 (critical): A command injection vulnerability exists in MLflow's model serving container initialization code, specifically in the…
CVE-2025-11200 — CVSS 9.8 (critical): MLflow Weak Password Requirements Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication…
CVE-2023-6014 — CVSS 9.8 (critical): An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
CVE-2025-11201 — CVSS 9.8 (critical): MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers…
CVE-2023-6974 — CVSS 9.8 (critical): A malicious user could use this issue to access internal HTTP(s) servers and in the worst case (ie: aws instance) it could be abuse to get…
CVE-2026-2611 — CVSS 9.6 (critical): In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability…
CVE-2024-3573 — CVSS 9.3 (critical): mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read…
CVE-2025-15031 — CVSS 9.1 (critical): A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries…
CVE-2026-2651 — CVSS 9.0 (critical): A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the…
CVE-2024-37054 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.9.0 or newer, enabling a maliciously…
CVE-2024-37052 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously…
CVE-2024-37053 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.1.0 or newer, enabling a maliciously…
CVE-2023-6709 — CVSS 8.8 (high): Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository mlflow/mlflow prior to 2.9.2.
CVE-2025-14287 — CVSS 8.8 (high): A command injection vulnerability exists in mlflow/mlflow versions before v3.7.0, specifically in the `mlflow/sagemaker/__init__.py` file…
CVE-2023-6940 — CVSS 8.8 (high): with only one user interaction(download a malicious config), attackers can gain full command execution on the victim system.
CVE-2023-6976 — CVSS 8.8 (high): This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server…
CVE-2024-0520 — CVSS 8.8 (high): A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in…
CVE-2024-37061 — CVSS 8.8 (high): Remote Code Execution can occur in versions of the MLflow platform running version 1.11.0 or newer, enabling a maliciously crafted…
CVE-2024-37060 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.27.0 or newer, enabling a maliciously…
CVE-2024-37059 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 0.5.0 or newer, enabling a maliciously…
CVE-2024-37058 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.5.0 or newer, enabling a maliciously…
CVE-2024-37057 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 2.0.0rc0 or newer, enabling a maliciously…
CVE-2024-37056 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.23.0 or newer, enabling a maliciously…
CVE-2024-37055 — CVSS 8.8 (high): Deserialization of untrusted data can occur in versions of the MLflow platform running version 1.24.0 or newer, enabling a maliciously…
CVE-2026-2652 — CVSS 8.6 (high): A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is…
CVE-2026-8147 — CVSS 8.1 (high): In MLflow versions prior to 3.14.0, when running with authentication enabled, the trace API endpoints lack proper authorization validators…
CVE-2024-1560 — CVSS 8.1 (high): A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers…
CVE-2025-14279 — CVSS 8.1 (high): MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow…
CVE-2026-0596 — CVSS 7.8 (high): A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded…
CVE-2026-4137 — CVSS 7.8 (high): In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary…
CVE-2026-4035 — CVSS 7.7 (high): A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which…
CVE-2024-1593 — CVSS 7.5 (high): A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path…
CVE-2024-1558 — CVSS 7.5 (high): A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow…
CVE-2024-3848 — CVSS 7.5 (high): A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909…
CVE-2024-8859 — CVSS 7.5 (high): A path traversal vulnerability exists in mlflow/mlflow version 2.15.1. When users configure and use the dbfs service, concatenating the URL…
CVE-2025-0453 — CVSS 7.5 (high): In mlflow/mlflow version 2.17.2, the `/graphql` endpoint is vulnerable to a denial of service attack. An attacker can create large batches…
CVE-2024-1483 — CVSS 7.5 (high): A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By…
CVE-2023-30172 — CVSS 7.5 (high): A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary…
CVE-2024-27133 — CVSS 7.5 (high): Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side…
CVE-2024-27132 — CVSS 7.5 (high): Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an…
CVE-2024-1594 — CVSS 7.5 (high): A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location`…
CVE-2024-2928 — CVSS 7.5 (high): A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version…
CVE-2023-43472 — CVSS 7.5 (high): An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST API.
CVE-2026-2614 — CVSS 7.5 (high): A vulnerability in the `_create_model_version()` handler of `mlflow/server/handlers.py` in mlflow/mlflow versions 3.9.0 and earlier allows…
CVE-2026-2393 — CVSS 7.1 (high): A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in…
CVE-2025-1473 — CVSS 7.1 (high): A Cross-Site Request Forgery (CSRF) vulnerability exists in the Signup feature of mlflow/mlflow versions 2.17.0 to 2.20.1. This…
CVE-2025-15381 — CVSS 7.1 (high): In the latest version of mlflow/mlflow, when the `basic-auth` app is enabled, tracing and assessment endpoints are not protected by…
CVE-2025-10279 — CVSS 7.0 (high): In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable…
CVE-2024-27134 — CVSS 7.0 (high): Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a…
CVE-2026-3198 — CVSS 6.5 (medium): MLflow 3.9.0 with basic-auth (`--app-name basic-auth`) fails to enforce authorization checks for multiple Gateway API 'list' endpoints…
CVE-2026-2734 — CVSS 6.5 (medium): In mlflow/mlflow versions up to 3.9.0, the `SearchModelVersions` REST API endpoint and the `mlflowSearchModelVersions` GraphQL query lack…
CVE-2023-6568 — CVSS 6.1 (medium): A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the…
CVE-2025-1474 — CVSS 5.5 (medium): In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a password. This vulnerability could lead to…
CVE-2024-3099 — CVSS 5.4 (medium): A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding…
CVE-2026-33865 — CVSS 5.4 (medium): MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An…
CVE-2024-4263 — CVSS 5.4 (medium): A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions…
CVE-2024-6838 — CVSS 5.3 (medium): In mlflow/mlflow version v2.13.2, a vulnerability exists that allows the creation or renaming of an experiment with a large number of…
CVE-2026-13484 — CVSS 5.0 (medium): A vulnerability has been found in MLflow up to 4666cffc7912ea606d592fc38d6a75e2935f65e7. The impacted element is an unknown function of the…
CVE-2026-33866 — CVSS 4.3 (medium): MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing…
CVE-2026-10803 — CVSS 3.6 (low): A flaw has been found in MLflow up to 3.10.0. This issue affects the function mlflow.data.digest_utils of the file mlflow/data/digest_utils…