Lfprojects
AI Threat Alert tracks 49 known AI/ML vulnerabilities affecting Lfprojects products — each enriched with CVSS severity, EPSS exploit probability, patch status, and CISO-grade analysis. Browse every Lfprojects CVE below, sorted by severity and recency.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-27134 | MLflow: local privilege escalation via spark_udf ToCToU | mlflow | 7.0 |
| MEDIUM | CVE-2024-6838 | MLflow: unconstrained input causes UI denial of service | mlflow | 5.3 |
| HIGH | CVE-2024-8859 | MLflow: path traversal allows arbitrary file read via DBFS | mlflow | 7.5 |
| HIGH | CVE-2025-0453 | MLflow: GraphQL DoS disables ML tracking server | mlflow | 7.5 |
| HIGH | CVE-2025-1473 | MLflow: CSRF in signup allows rogue account creation | mlflow | 7.1 |
| MEDIUM | CVE-2025-1474 | MLflow: passwordless accounts enable persistent backdoor | mlflow | 5.5 |
| CRITICAL | CVE-2025-11200 | mlflow: security flaw enables exploitation | mlflow | 9.8 |
| CRITICAL | CVE-2025-11201 | mlflow: Path Traversal enables file access | mlflow | 9.8 |
| HIGH | CVE-2026-0621 | mcp_typescript_sdk: security flaw enables exploitation | 7.5 |
Page 3 of 3
Frequently asked questions
How many known vulnerabilities affect Lfprojects?
49 AI/ML CVEs affecting Lfprojects products are tracked, sourced from NVD and GitHub Advisory.
What Lfprojects products are affected?
The CVEs below map to the Lfprojects AI/ML packages and tools tracked by AI Threat Alert; open any CVE to see the affected components and versions.
Where does the Lfprojects vulnerability data come from?
Data is sourced from NVD and GitHub Advisory, then enriched with CVSS severity, EPSS exploit probability, and patch status for each CVE.
How can I monitor Lfprojects for new vulnerabilities?
AI Threat Alert tracks Lfprojects continuously; a Pro subscription adds breaking alerts when new CVEs affecting Lfprojects are published.
How do I assess Lfprojects's security exposure?
Each CVE below carries CVSS severity and exploitation signals, so you can review the highest-severity Lfprojects issues first and judge the exposure for your stack.