AI Component

Training Data

Training data vulnerabilities involve poisoned datasets, data theft, privacy violations in training corpora, and unauthorized use of copyrighted or sensitive data in model training.

162

Total CVEs

Pages

Page 6 of 9

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2024-27132	MLflow: XSS in recipes enables client-side RCE	mlflow	9.6
HIGH	CVE-2024-1483	MLflow: path traversal exposes arbitrary server files	mlflow	7.5
HIGH	CVE-2024-1560	MLflow: path traversal allows arbitrary directory deletion	mlflow	8.1
HIGH	CVE-2024-1593	MLflow: path traversal via ';' smuggling exposes files	mlflow	7.5
HIGH	CVE-2024-1594	MLflow: path traversal via URI fragment reads arbitrary files	mlflow	7.5
MEDIUM	CVE-2024-4263	MLflow: broken access control allows artifact deletion	mlflow	5.4
HIGH	CVE-2024-37060	MLflow: RCE via deserialization in crafted Recipes	mlflow	8.8
HIGH	CVE-2024-37061	MLflow: RCE via malicious MLproject file execution	mlflow	8.8
HIGH	CVE-2024-0520	MLflow: path traversal enables RCE via dataset loading	mlflow	8.8
HIGH	CVE-2024-2928	MLflow: URI fragment LFI exposes arbitrary files	mlflow	7.5
HIGH	CVE-2024-27134	MLflow: local privilege escalation via spark_udf ToCToU	mlflow	7.0
HIGH	CVE-2024-8859	MLflow: path traversal allows arbitrary file read via DBFS	mlflow	7.5
HIGH	CVE-2025-1473	MLflow: CSRF in signup allows rogue account creation	mlflow	7.1
MEDIUM	CVE-2025-1474	MLflow: passwordless accounts enable persistent backdoor	mlflow	5.5
CRITICAL	CVE-2025-11200	mlflow: security flaw enables exploitation	mlflow	9.8
HIGH	CVE-2025-10279	mlflow: security flaw enables exploitation	mlflow	7.0
MEDIUM	CVE-2023-2800	Transformers: temp file race condition allows local DoS	transformers	4.7
HIGH	CVE-2025-33213	NVIDIA: Deserialization enables RCE		8.8
HIGH	CVE-2025-33233	NVIDIA: Code Injection enables RCE		7.8
CRITICAL	CVE-2024-52803	LlamaFactory: RCE via OS command injection in training	llamafactory	9.8

Page 6 of 9

Previous Next

Related AI Components

Framework API Agent Model Inference RAG

Training Data

Related AI Components

Weekly CISO Take + top threats