MLflow Vulnerabilities

pip MLOps

AI Threat Alert tracks 74 known vulnerabilities in MLflow, an AI/ML MLOps project in the pip ecosystem; 18 are rated critical. Each CVE includes CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis.

Risk Score: 81
Total CVEs: 74
Critical: 18
Ecosystem: pip
Last CVE: Jul 2, 2026
Patch Rate: 31%
Avg Time to Patch: 76d
GitHub: 26,749 stars, 5,915 forks, 2,012 issues, 655 dependents; last push Jun 27, 2026
OpenSSF Scorecard 5.4/10

Known Vulnerabilities (74 total, page 2 of 3)

| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | CVE-2025-11201 | mlflow: Path Traversal enables file access | 9.8 | Oct 29, 2025 |
| CRITICAL | CVE-2025-11200 | mlflow: security flaw enables exploitation | 9.8 | Oct 29, 2025 |
| MEDIUM | CVE-2025-52967 | MLflow: unauthenticated SSRF in gateway proxy | 5.8 | Jun 23, 2025 |
| MEDIUM | CVE-2025-1474 | MLflow: passwordless accounts enable persistent backdoor | 5.5 | Mar 20, 2025 |
| HIGH | CVE-2025-1473 | MLflow: CSRF in signup allows rogue account creation | 7.1 | Mar 20, 2025 |
| HIGH | CVE-2025-0453 | MLflow: GraphQL DoS disables ML tracking server | 7.5 | Mar 20, 2025 |
| HIGH | CVE-2024-8859 | MLflow: path traversal allows arbitrary file read via DBFS | 7.5 | Mar 20, 2025 |
| MEDIUM | CVE-2024-6838 | MLflow: unconstrained input causes UI denial of service | 5.3 | Mar 20, 2025 |
| HIGH | CVE-2024-27134 | MLflow: local privilege escalation via spark_udf ToCToU | 7.0 | Nov 25, 2024 |
| MEDIUM | CVE-2024-3099 | MLflow: URL encoding bypass enables model poisoning | 5.4 | Jun 6, 2024 |
| HIGH | CVE-2024-2928 | MLflow: URI fragment LFI exposes arbitrary files | 7.5 | Jun 6, 2024 |
| HIGH | CVE-2024-0520 | MLflow: path traversal enables RCE via dataset loading | 8.8 | Jun 6, 2024 |
| HIGH | CVE-2024-37061 | MLflow: RCE via malicious MLproject file execution | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37060 | MLflow: RCE via deserialization in crafted Recipes | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37059 | MLflow: RCE via malicious PyTorch model deserialization | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37058 | MLflow: RCE via malicious LangChain model deserialization | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37057 | MLflow: RCE via malicious TensorFlow model deserialization | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37056 | MLflow: RCE via LightGBM model deserialization | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37055 | MLflow: RCE via pmdarima model deserialization | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37054 | MLflow: deserialization RCE via malicious PyFunc model | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37053 | MLflow: RCE via malicious scikit-learn model deserialization | 8.8 | Jun 4, 2024 |
| HIGH | CVE-2024-37052 | MLflow: RCE via malicious scikit-learn model upload | 8.8 | Jun 4, 2024 |
| MEDIUM | CVE-2024-4263 | MLflow: broken access control allows artifact deletion | 5.4 | May 16, 2024 |
| HIGH | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | 7.5 | May 16, 2024 |
| CRITICAL | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | 9.3 | Apr 16, 2024 |

Showing 26–50 of 74

Frequently asked questions

What is MLflow?

MLflow is an AI/ML MLOps project tracked by AI Threat Alert for security vulnerabilities in the pip ecosystem.

How many known vulnerabilities does MLflow have?

MLflow has 74 known CVEs, 18 of them critical, tracked from NVD and GitHub Advisory.

Which ecosystem is MLflow distributed in?

MLflow is distributed via the pip ecosystem and categorized as MLOps.

Where does the MLflow vulnerability data come from?

Vulnerability data is sourced from NVD and GitHub Advisory, enriched with CVSS, EPSS, exploit signals, and patch status for each CVE.

How do I assess the risk of MLflow?

Review each CVE below — every entry shows CVSS severity, EPSS exploit probability, exploitation signals, and whether a patched version is available.
