Lfprojects
AI Threat Alert tracks 49 known AI/ML vulnerabilities affecting Lfprojects products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Lfprojects CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-37057 | MLflow: RCE via malicious TensorFlow model deserialization | mlflow | 8.8 |
| HIGH | CVE-2024-37059 | MLflow: RCE via malicious PyTorch model deserialization | mlflow | 8.8 |
| HIGH | CVE-2024-37058 | MLflow: RCE via malicious LangChain model deserialization | mlflow | 8.8 |
| HIGH | CVE-2022-0736 | MLflow: insecure temp file handling causes DoS | mlflow | 7.5 |
| LOW | CVE-2023-1176 | MLflow: path traversal exposes arbitrary local files | mlflow | 3.3 |
| CRITICAL | CVE-2023-1177 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| HIGH | CVE-2023-2356 | MLflow: path traversal allows unauthenticated file read | mlflow | 7.5 |
| HIGH | CVE-2023-30172 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| CRITICAL | CVE-2023-2780 | MLflow: path traversal allows arbitrary file read/write | mlflow | 9.8 |
| CRITICAL | CVE-2023-3765 | MLflow: path traversal allows arbitrary file read | mlflow | 10.0 |
| HIGH | CVE-2023-4033 | MLflow: OS command injection enables local code execution | mlflow | 7.8 |
| HIGH | CVE-2023-6015 | MLflow: unauthenticated arbitrary file write via PUT | mlflow | 7.5 |
| CRITICAL | CVE-2023-6018 | MLflow: unauth file overwrite enables model poisoning | mlflow | 9.8 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | mlflow | 9.8 |
| HIGH | CVE-2023-43472 | MLflow: unauth REST API leaks sensitive ML data | mlflow | 7.5 |
| MEDIUM | CVE-2023-6568 | MLflow: reflected XSS via Content-Type header injection | mlflow | 6.1 |
| HIGH | CVE-2023-6709 | MLflow: SSTI enables RCE in ML experiment tracking | mlflow | 8.8 |
| HIGH | CVE-2023-6753 | MLflow: path traversal exposes arbitrary file read/write | mlflow | 8.8 |
| HIGH | CVE-2023-6831 | MLflow: path traversal allows arbitrary file write | mlflow | 8.1 |
| HIGH | CVE-2023-6909 | MLflow: path traversal exposes arbitrary files (no auth) | mlflow | 7.5 |
Page 1 of 3
Frequently asked questions
How many known vulnerabilities affect Lfprojects?
49 AI/ML CVEs affecting Lfprojects products are tracked, sourced from NVD and GitHub Advisory.
What Lfprojects products are affected?
The CVEs below map to the Lfprojects AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Lfprojects vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Lfprojects for new vulnerabilities?
AI Threat Alert tracks Lfprojects continuously; a Pro subscription adds breaking alerts when new CVEs affecting Lfprojects are published.
How do I assess Lfprojects's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Lfprojects issues first and judge the exposure for your stack.