AI Threat Alert

Lfprojects

49 AI/ML vulnerabilities tracked for Lfprojects.

49

Total CVEs

3

Pages

Page 3 of 3

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2024-27134	MLflow: local privilege escalation via spark_udf ToCToU	mlflow	7.0
MEDIUM	CVE-2024-6838	MLflow: unconstrained input causes UI denial of service	mlflow	5.3
HIGH	CVE-2024-8859	MLflow: path traversal allows arbitrary file read via DBFS	mlflow	7.5
HIGH	CVE-2025-0453	MLflow: GraphQL DoS disables ML tracking server	mlflow	7.5
HIGH	CVE-2025-1473	MLflow: CSRF in signup allows rogue account creation	mlflow	7.1
MEDIUM	CVE-2025-1474	MLflow: passwordless accounts enable persistent backdoor	mlflow	5.5
CRITICAL	CVE-2025-11200	mlflow: security flaw enables exploitation	mlflow	9.8
CRITICAL	CVE-2025-11201	mlflow: Path Traversal enables file access	mlflow	9.8
HIGH	CVE-2026-0621	mcp_typescript_sdk: security flaw enables exploitation		7.5

Page 3 of 3