MLflow Vulnerabilities
pip MLOps
Risk Score: 81
Total CVEs: 68
Critical: 16
Ecosystem: pip
Last CVE: May 19, 2026
Patch Rate: 26%
Avg Time to Patch: 58d
25,968 stars
5,741 forks
2,088 issues
636 dependents
Last push May 17, 2026
OpenSSF Scorecard 4.6/10
Known Vulnerabilities (68 total, page 3 of 3)
| Severity | CVE ID | Summary | CVSS | Published |
|---|---|---|---|---|
| CRITICAL | CVE-2024-27132 | MLflow: XSS in recipes enables client-side RCE | 9.6 | Feb 23, 2024 |
| HIGH | CVE-2023-6909 | MLflow: path traversal exposes arbitrary files (no auth) | 7.5 | Dec 18, 2023 |
| HIGH | CVE-2023-6831 | MLflow: path traversal allows arbitrary file write | 8.1 | Dec 15, 2023 |
| HIGH | CVE-2023-6753 | MLflow: path traversal exposes arbitrary file read/write | 8.8 | Dec 13, 2023 |
| HIGH | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | 8.8 | Dec 12, 2023 |
| MEDIUM | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | 6.1 | Dec 7, 2023 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | 7.5 | Dec 5, 2023 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | 9.8 | Nov 16, 2023 |
| CRITICAL | CVE-2023-6018 | MLflow: unauth file overwrite enables model poisoning | 9.8 | Nov 16, 2023 |
| HIGH | CVE-2023-6015 | MLflow: unauthenticated arbitrary file write via PUT | 7.5 | Nov 16, 2023 |
| HIGH | CVE-2023-4033 | MLflow: OS command injection enables local code execution | 7.8 | Aug 1, 2023 |
| CRITICAL | CVE-2023-3765 | MLflow: path traversal allows arbitrary file read | 10.0 | Jul 19, 2023 |
| CRITICAL | CVE-2023-2780 | MLflow: path traversal allows arbitrary file read/write | 9.8 | May 17, 2023 |
| HIGH | CVE-2023-30172 | MLflow: path traversal exposes arbitrary server files | 7.5 | May 11, 2023 |
| HIGH | CVE-2023-2356 | MLflow: path traversal allows unauthenticated file read | 7.5 | Apr 28, 2023 |
| CRITICAL | CVE-2023-1177 | MLflow: path traversal allows arbitrary file read/write | 9.8 | Mar 24, 2023 |
| LOW | CVE-2023-1176 | MLflow: path traversal exposes arbitrary local files | 3.3 | Mar 24, 2023 |
| HIGH | CVE-2022-0736 | MLflow: insecure temp file handling causes DoS | 7.5 | Feb 23, 2022 |

Showing 51–68 of 68