Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

pypi mlflow Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1wNGp4LXE2MnAteDVqcs4AA8J5
MLflow allows low privilege users to delete any artifact
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 11 days ago
High
GSA_kwCzR0hTQS1yZnFxLXdxNnctNzJqbc4AA8J7
MLflow has a Local File Read/Path Traversal bypass
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 11 days ago
Critical
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mNDJtLW12ZnYtY2d3Nc4AA7B7
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS01bXZqLXdtZ2otN3E4Y84AA7CR
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qNjJyLXd4cXEtZjNnZs4AA7B4
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zdjc5LXE3cGgtajc1aM4AA5e3
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 3 months ago
High
GSA_kwCzR0hTQS02NzQ5LW01Y3AtNmNnN84AA5e2
Cross-site Scripting in MLFlow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 3 months ago
High
GSA_kwCzR0hTQS01cjNxLTkzcTMtZjk3OM4AA37c
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1xZzhwLTMyZ3ItZ2g2eM4AA37h
MLflow Local File Disclosure Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1oaDhwLXA4bXAtZ3Fobc4AA37i
MLFlow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01OXYzLTg5OHItcXdoas4AA37g
MLflow Server-Side Request Forgery (SSRF)
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
High
GSA_kwCzR0hTQS13djhxLTRmODUtMnA4cM4AA37f
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1odmM2LTQydmYtamhmOM4AA35I
mlflow Command Injection vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
High
GSA_kwCzR0hTQS12OTQ1LXIzcmMtNmZqbc4AA3ti
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 6 months ago
High
GSA_kwCzR0hTQS1jeGZyLTVxM3ItMnJjMs4AA3r7
Jinja2 template injection in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12d2hmLTN2Nngtd2ZmOM4AA3mS
Cross-site Scripting (XSS) in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 6 months ago
High
GSA_kwCzR0hTQS13cXhmLTQ0N20tNmY1Zs4AA3kN
Information exposure in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the server
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
High
GSA_kwCzR0hTQS1mZnczLTYzNzgtY3FncM4AA0-f
mlflow vulnerable to OS Command Injection
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1mbXhqLTZoOWctNnZ3M84AA0y8
MLflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 10 months ago
Critical
GSA_kwCzR0hTQS13anEzLTdqeHgtd2hqOc4AAzYV
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS13YzZqLTVnODMteGZtNs4AAzRj
mflow vulnerable to directory traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04M2ZtLXc3OW0tNjRyNc4AAzCj
Remote file access vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14NDIyLTZxaHYtcDI5Z84AAzAd
Relative path traversal in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13cDcyLTdoajktNTI2Nc4AAyUI
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14ZzczLTk0ZnAtZzQ0Oc4AAyUH
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS12cWoyLTR2OG0tOHZycc0uPQ
Insecure Temporary File in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: over 2 years ago
Statistics
Advisories: 18,882
Packages: 8,426
Repositories: 2
Ecosystems: 12
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 django 80 apache-airflow 79 ansible 63 salt 53 Plone 52 apache-superset 49 nova 46 plone 43 rdiffweb 42 Pillow 41 vyper 38 matrix-synapse 35 moin 35 mlflow 33 Django 32 keystone 31 opencv-contrib-python 30 opencv-python 30 glance 19 langchain 18 PaddlePaddle 17 mercurial 17 cobbler 17 pillow 16 neutron 16 gradio 15 cryptography 15 notebook 15 paddlepaddle 15 pyftpdlib 14 modoboa 14 pyload-ng 14 vantage6 13 OctoPrint 13 swift 12 aiohttp 11 urllib3 11 twisted 11 onionshare-cli 11 calibreweb 11 horizon 11 Flask-AppBuilder 10 trytond 10 wagtail 10 Zope 9 kiwitcms 9 ryu 9 roundup 9 zope 9 waitress 9 ethyca-fides 9 nautobot 9 opencv-contrib-python-headless 9 opencv-python-headless 9 aubio 8 python-keystoneclient 8 numpy 8 trac 8 label-studio 8 cinder 8 scrapy 7 matrix-sydent 7 pip 7 ipython 7 lief 7 pgadmin4 7 jupyter-server 7 pysaml2 7 tuf 6 requests 6 web2py 6 inventree 6 Zope2 6 Moin 6 mindsdb 6 mailman 6 graphite-web 6 apache-airflow-providers-apache-hive 6 lxml 6 sentry 6 python-gnupg 5 Products.CMFPlone 5 omero-web 5 paramiko 5 ckan 5 pyspark 5 feedparser 5 Jinja2 5 whoogle-search 5 saleor 5 lmdb 5 bleach 5 werkzeug 4 nltk 4 reportlab 4 yt-dlp 4 Pygments 4 buildbot 4 markdown2 4 jupyterhub 4 qutebrowser 4 tornado 4 oauthenticator 4 transformers 4 httpie 4 FreeTAKServer-UI 4 software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk 4 aws-iot-device-sdk-v2 4 awsiotsdk 4 GitPython 4 Radicale 4 keylime 4 jwcrypto 4 bottle 4 grpcio 4 grpc 4 starlette 4 ansible-core 4 datasette 4 nvflare 4 pretix 4 tripleo-heat-templates 4 Keystone 4 esphome 4 Scrapy 4 barbican 4 PyPDF2 4 Flask-Security-Too 4 Werkzeug 4 pyyaml 3 Mezzanine 3 Kallithea 3 apache-libcloud 3 SQLAlchemy 3 apache-airflow-providers-apache-spark 3 flask 3 fava 3 rsa 3 apache-iotdb 3 asyncua 3 wger 3 keyring 3 indico 3 protobuf 3 pandasai 3 mayan-edms 3 streamlit 3 copyparty 3 Nova 3 ray 3 asyncssh 3 pyarrow 3 changedetection.io 3 io.grpc:grpc-protobuf 3 ajenti 3 Weblate 3 sanic 3 ujson 3 sqlparse 3 llama-index 3 ansible-runner 3 dulwich 3 octavia 3 slixmpp 3 clearml 3 docassemble.webapp 3 quokka 3 pycrypto 3 mitmproxy 3 zenml 3 plone.app.event 3 plone.app.theming 3 plone.app.dexterity 3 plone.supermodel 3 sickrage 3 sosreport 3 httplib2 3 torchserve 3 homeassistant 3 onnx 3 python-jose 3 jupyterlab 3 poetry 3 localstack 3 mistune 3 openvpn-monitor 3 indy-node 3 aim 3 gerapy 3 bitlyshortener 3 pywasm3 3 Products.PluggableAuthService 3 keystonemiddleware 3 ecdsa 3 django-helpdesk 3 python-apt 2 libosdp 2