AI Threat Alert

Lfprojects

49 AI/ML vulnerabilities tracked for Lfprojects.

49

Total CVEs

3

Pages

Page 1 of 3

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2024-37057	MLflow: RCE via malicious TensorFlow model deserialization	mlflow	8.8
HIGH	CVE-2024-37059	MLflow: RCE via malicious PyTorch model deserialization	mlflow	8.8
HIGH	CVE-2024-37058	MLflow: RCE via malicious LangChain model deserialization	mlflow	8.8
HIGH	CVE-2022-0736	MLflow: insecure temp file handling causes DoS	mlflow	7.5
LOW	CVE-2023-1176	MLflow: path traversal exposes arbitrary local files	mlflow	3.3
CRITICAL	CVE-2023-1177	MLflow: path traversal allows arbitrary file read/write	mlflow	9.8
HIGH	CVE-2023-2356	MLflow: path traversal allows unauthenticated file read	mlflow	7.5
HIGH	CVE-2023-30172	MLflow: path traversal exposes arbitrary server files	mlflow	7.5
CRITICAL	CVE-2023-2780	MLflow: path traversal allows arbitrary file read/write	mlflow	9.8
CRITICAL	CVE-2023-3765	MLflow: path traversal allows arbitrary file read	mlflow	10.0
HIGH	CVE-2023-4033	MLflow: OS command injection enables local code execution	mlflow	7.8
HIGH	CVE-2023-6015	MLflow: unauthenticated arbitrary file write via PUT	mlflow	7.5
CRITICAL	CVE-2023-6018	MLflow: unauth file overwrite enables model poisoning	mlflow	9.8
CRITICAL	CVE-2023-6014	MLflow: auth bypass allows arbitrary account creation	mlflow	9.8
HIGH	CVE-2023-43472	MLflow: unauth REST API leaks sensitive ML data	mlflow	7.5
MEDIUM	CVE-2023-6568	MLflow: reflected XSS via Content-Type header injection	mlflow	6.1
HIGH	CVE-2023-6709	MLflow: SSTI enables RCE in ML experiment tracking	mlflow	8.8
HIGH	CVE-2023-6753	MLflow: path traversal exposes arbitrary file read/write	mlflow	8.8
HIGH	CVE-2023-6831	MLflow: path traversal allows arbitrary file write	mlflow	8.1
HIGH	CVE-2023-6909	MLflow: path traversal exposes arbitrary files (no auth)	mlflow	7.5

Page 1 of 3