MLflow

pip MLOps
Total CVEs: 65
Critical: 14
Ecosystem: pip
Last CVE: Mar 18, 2026

Known Vulnerabilities (30+ shown)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | CVE-2025-15379 | MLflow: RCE via unsanitized model dependency specs | 10.0 | Mar 30, 2026 |
| CRITICAL | CVE-2025-15036 | MLflow: path traversal enables sandbox escape, file overwrite | 9.6 | Mar 30, 2026 |
| HIGH | CVE-2025-15381 | MLflow: broken access control exposes experiment traces | 8.1 | Mar 27, 2026 |
| CRITICAL | CVE-2025-15031 | mlflow: Path Traversal enables file access | 9.1 | Mar 18, 2026 |
| HIGH | CVE-2025-14287 | mlflow: Code Injection enables RCE | 7.5 | Mar 16, 2026 |
| CRITICAL | CVE-2026-2635 | mlflow: security flaw enables exploitation | 9.8 | Feb 20, 2026 |
| HIGH | CVE-2026-2033 | mlflow: Path Traversal enables file access | 8.1 | Feb 20, 2026 |
| HIGH | CVE-2025-10279 | mlflow: security flaw enables exploitation | 7.0 | Feb 2, 2026 |
| HIGH | CVE-2025-14279 | mlflow: security flaw enables exploitation | 8.1 | Jan 12, 2026 |
| CRITICAL | CVE-2025-11201 | mlflow: Path Traversal enables file access | 9.8 | Oct 29, 2025 |
| CRITICAL | CVE-2025-11200 | mlflow: security flaw enables exploitation | 9.8 | Oct 29, 2025 |
| MEDIUM | CVE-2025-52967 | MLflow: unauthenticated SSRF in gateway proxy | 5.8 | Jun 23, 2025 |
| MEDIUM | CVE-2025-1474 | MLflow: passwordless accounts enable persistent backdoor | 5.5 | Mar 20, 2025 |
| HIGH | CVE-2025-1473 | MLflow: CSRF in signup allows rogue account creation | 7.1 | Mar 20, 2025 |
| HIGH | CVE-2025-0453 | MLflow: GraphQL DoS disables ML tracking server | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-8859 | MLflow: path traversal allows arbitrary file read via DBFS | 7.5 | Mar 20, 2025 |
| MEDIUM | CVE-2024-6838 | MLflow: unconstrained input causes UI denial of service | 5.3 | Mar 20, 2025 |
| HIGH | CVE-2024-27134 | MLflow: local privilege escalation via spark_udf ToCToU | 7.0 | Nov 25, 2024 |
| MEDIUM | CVE-2024-3099 | MLflow: URL encoding bypass enables model poisoning | 5.4 | Jun 6, 2024 |
| HIGH | CVE-2024-2928 | MLflow: URI fragment LFI exposes arbitrary files | 7.5 | Jun 6, 2024 |
| HIGH | CVE-2024-0520 | MLflow: path traversal enables RCE via dataset loading | 8.8 | Jun 6, 2024 |
| HIGH | CVE-2024-37061 | MLflow: RCE via malicious MLproject file execution | 8.8 | Jun 4, 2024 |
