mlflow

Vendor: lfprojects

Actively Exploited (CISA KEV List): 0
PoC / Exploits (Code Available): 5
Total RCEs (Remote Access): 20
Total CVEs (Total Indexed): 95
Avg. EPSS (Exploit Prob.): 6.49%
Latest CVE: CVE-2026-10803 (Jun 04)

Security Vulnerability Index

7.5 CVSS

Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.

EPSS: 0.65%

7.5 CVSS

Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.

EPSS: 0.87%

7.5 CVSS

This vulnerability enables malicious users to read sensitive files on the server.

EPSS: 3.92%

8.8 CVSS

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process.

EPSS: 1.01%

9.8 CVSS

A malicious user could use this issue to get command execution on the vulnerable machine and gain access to data and model information.

EPSS: 2.01%

9.8 CVSS

A malicious user could use this issue to access internal HTTP(s) servers, and in the worst case (i.e., an AWS instance) it could be abused to get remote code execution on the victim machine.

EPSS: 1.51%

8.8 CVSS

With only one user interaction (downloading a malicious config), attackers can gain full command execution on the victim system.

EPSS: 1.22%

7.5 CVSS

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

EPSS: 89.72%

8.1 CVSS

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2.

EPSS: 3.29%

8.8 CVSS

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.

EPSS: 1.07%