MLflow — Vulnerabilities & Security Advisories (61)

Browse all 61 CVE security advisories affecting MLflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MLflow is an open-source platform designed for the machine learning lifecycle, facilitating experiment tracking, reproducibility, and deployment. Despite its utility, the software has accumulated sixty-one Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The most prevalent vulnerability classes involve server-side request forgery, insecure direct object references, and cross-site scripting, often stemming from inadequate input validation in its web interface. Additionally, several issues relate to improper access control, allowing unauthorized users to manipulate experiment data or execute arbitrary code through crafted requests. While no single catastrophic breach has publicly defined its history, the high volume of CVEs suggests systemic weaknesses in authentication and session management. These flaws primarily impact the integrity and confidentiality of machine learning workflows, requiring rigorous patching and secure configuration by administrators to mitigate risks associated with its widely adopted tracking and model serving components.

Top products by MLflow: mlflow/mlflow, MLflow

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-37054 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-37053 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-37052 | MLflow security vulnerability | MLflow | CWE-502 | 8.8 | High | 2024-06-04 |
| CVE-2024-4263 | Improper Access Control in mlflow/mlflow | mlflow/mlflow | CWE-284 | 8.1 (AI) | High (AI) | 2024-05-16 |
| CVE-2024-3848 | Path Traversal Bypass in mlflow/mlflow | mlflow/mlflow | CWE-29 | 7.5 (AI) | High (AI) | 2024-05-16 |
| CVE-2024-3573 | Local File Inclusion (LFI) via Scheme Confusion in mlflow/mlflow | mlflow/mlflow | CWE-29 | 7.5 | - | 2024-04-16 |
| CVE-2024-1594 | Local File Read via Path Traversal in mlflow/mlflow | mlflow/mlflow | CWE-22 | 7.5 | - | 2024-04-16 |
| CVE-2024-1558 | Path Traversal Vulnerability in mlflow/mlflow | mlflow/mlflow | CWE-22 | 6.5 | - | 2024-04-16 |
| CVE-2024-1593 | Path Traversal via Parameter Smuggling in mlflow/mlflow | mlflow/mlflow | CWE-22 | 9.1 | - | 2024-04-16 |
| CVE-2024-1560 | Path Traversal Vulnerability in mlflow/mlflow | mlflow/mlflow | CWE-22 | 7.5 | - | 2024-04-16 |
| CVE-2024-1483 | Path Traversal Vulnerability in mlflow/mlflow | mlflow/mlflow | CWE-22 | 7.5 | - | 2024-04-16 |
| CVE-2023-6977 | Path Traversal: '\..\filename' | mlflow/mlflow | CWE-29 | 6.5 | - | 2023-12-20 |
| CVE-2023-6976 | Unrestricted Upload of File with Dangerous Type | mlflow/mlflow | CWE-434 | 9.1 | - | 2023-12-20 |
| CVE-2023-6975 | Path Traversal: '\..\filename' | mlflow/mlflow | CWE-29 | 8.1 | - | 2023-12-20 |
| CVE-2023-6974 | Server-Side Request Forgery (SSRF) | mlflow/mlflow | CWE-918 | 9.8 | - | 2023-12-20 |
| CVE-2023-6940 | Command Injection | mlflow/mlflow | CWE-77 | 8.8 | - | 2023-12-19 |
| CVE-2023-6909 | Path Traversal: '\..\filename' in mlflow/mlflow | mlflow/mlflow | CWE-29 | 8.1 (AI) | High (AI) | 2023-12-18 |
| CVE-2023-6831 | Path Traversal: '\..\filename' in mlflow/mlflow | mlflow/mlflow | CWE-29 | 8.1 | - | 2023-12-15 |
| CVE-2023-6753 | Path Traversal in mlflow/mlflow | mlflow/mlflow | CWE-22 | 8.1 (AI) | High (AI) | 2023-12-13 |
| CVE-2023-6709 | Improper Neutralization of Special Elements Used in a Template Engine in mlflow/mlflow | mlflow/mlflow | CWE-1336 | 9.4 (AI) | Critical (AI) | 2023-12-12 |
| CVE-2023-6568 | Reflected XSS via Content-Type Header in mlflow/mlflow | mlflow/mlflow | CWE-79 | 6.1 | - | 2023-12-07 |
| CVE-2023-6014 | MLflow Authentication Bypass | mlflow/mlflow | CWE-598 | 7.5 | - | 2023-11-16 |
| CVE-2023-6015 | MLflow Arbitrary File Upload | mlflow/mlflow | CWE-22 | 9.8 | - | 2023-11-16 |
| CVE-2023-6018 | MLflow Arbitrary File Write | mlflow/mlflow | CWE-78 | 9.1 | - | 2023-11-16 |
| CVE-2023-4033 | OS Command Injection in mlflow/mlflow | mlflow/mlflow | CWE-78 | 7.2 | - | 2023-08-01 |
| CVE-2023-3765 | Absolute Path Traversal in mlflow/mlflow | mlflow/mlflow | CWE-36 | 4.3 | - | 2023-07-19 |
| CVE-2023-2780 | Path Traversal: '\..\filename' in mlflow/mlflow | mlflow/mlflow | CWE-29 | 8.1 | - | 2023-05-17 |
| CVE-2023-2356 | Relative Path Traversal in mlflow/mlflow | mlflow/mlflow | CWE-23 | 7.7 | - | 2023-04-28 |
| CVE-2023-1177 | Path Traversal: '\..\filename' in mlflow/mlflow | mlflow/mlflow | CWE-29 | 9.3 | Critical | 2023-03-24 |
| CVE-2023-1176 | Absolute Path Traversal in mlflow/mlflow | mlflow/mlflow | CWE-36 | 7.1 | - | 2023-03-24 |

This page lists every published CVE security advisory associated with MLflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.