Lfprojects
AI Threat Alert tracks 49 known AI/ML vulnerabilities affecting Lfprojects products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Lfprojects CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2024-27132 | MLflow: XSS in recipes enables client-side RCE | mlflow | 9.6 |
| CRITICAL | CVE-2024-27133 | MLflow: XSS in recipe runner enables Jupyter RCE | mlflow | 9.6 |
| HIGH | CVE-2024-1483 | MLflow: path traversal exposes arbitrary server files | mlflow | 7.5 |
| HIGH | CVE-2024-1558 | MLflow: path traversal enables arbitrary file read | mlflow | 7.5 |
| HIGH | CVE-2024-1560 | MLflow: path traversal allows arbitrary directory deletion | mlflow | 8.1 |
| HIGH | CVE-2024-1593 | MLflow: path traversal via ';' smuggling exposes files | mlflow | 7.5 |
| HIGH | CVE-2024-1594 | MLflow: path traversal via URI fragment reads arbitrary files | mlflow | 7.5 |
| CRITICAL | CVE-2024-3573 | MLflow: LFI via URI parsing allows arbitrary file read | mlflow | 9.3 |
| HIGH | CVE-2024-3848 | MLflow: URL fragment bypass leaks SSH and cloud keys | mlflow | 7.5 |
| MEDIUM | CVE-2024-4263 | MLflow: broken access control allows artifact deletion | mlflow | 5.4 |
| HIGH | CVE-2024-37052 | MLflow: RCE via malicious scikit-learn model upload | mlflow | 8.8 |
| HIGH | CVE-2024-37053 | MLflow: RCE via malicious scikit-learn model deserialization | mlflow | 8.8 |
| HIGH | CVE-2024-37054 | MLflow: deserialization RCE via malicious PyFunc model | mlflow | 8.8 |
| HIGH | CVE-2024-37055 | MLflow: RCE via pmdarima model deserialization | mlflow | 8.8 |
| HIGH | CVE-2024-37056 | MLflow: RCE via LightGBM model deserialization | mlflow | 8.8 |
| HIGH | CVE-2024-37060 | MLflow: RCE via deserialization in crafted Recipes | mlflow | 8.8 |
| HIGH | CVE-2024-37061 | MLflow: RCE via malicious MLproject file execution | mlflow | 8.8 |
| HIGH | CVE-2024-0520 | MLflow: path traversal enables RCE via dataset loading | mlflow | 8.8 |
| HIGH | CVE-2024-2928 | MLflow: URI fragment LFI exposes arbitrary files | mlflow | 7.5 |
| MEDIUM | CVE-2024-3099 | MLflow: URL encoding bypass enables model poisoning | mlflow | 5.4 |
Frequently asked questions
How many known vulnerabilities affect Lfprojects?
49 AI/ML CVEs affecting Lfprojects products are tracked, sourced from NVD and GitHub Advisory.
What Lfprojects products are affected?
The CVEs below map to the Lfprojects AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Lfprojects vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Lfprojects for new vulnerabilities?
AI Threat Alert tracks Lfprojects continuously; a Pro subscription adds breaking alerts when new CVEs affecting Lfprojects are published.
How do I assess Lfprojects's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Lfprojects issues first and judge the exposure for your stack.