MLflow — Vulnerabilities & Security Advisories (61)

Browse all 61 CVE security advisories affecting MLflow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MLflow is an open-source platform designed for the machine learning lifecycle, facilitating experiment tracking, reproducibility, and deployment. Despite its utility, the software has accumulated sixty-one Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The most prevalent vulnerability classes involve server-side request forgery, insecure direct object references, and cross-site scripting, often stemming from inadequate input validation in its web interface. Additionally, several issues relate to improper access control, allowing unauthorized users to manipulate experiment data or execute arbitrary code through crafted requests. While no single catastrophic breach has publicly defined its history, the high volume of CVEs suggests systemic weaknesses in authentication and session management. These flaws primarily impact the integrity and confidentiality of machine learning workflows, requiring rigorous patching and secure configuration by administrators to mitigate risks associated with its widely adopted tracking and model serving components.

Top products by MLflow: mlflow/mlflow, MLflow

Showing up to 20 recent security advisories.

This page lists every published CVE security advisory associated with MLflow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.