Homepage

mlflow vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the mlflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • L
CVE-2025-8869

<3.6.0-r0
  • L
GHSA-4xh5-x5gv-qwph

<3.6.0-r0
  • L
Algorithmic Complexity

<3.5.1-r1
  • L
GHSA-7f5h-v6xp-fcq8

<3.5.1-r1
  • L
GHSA-g7f3-828f-7h7m

<3.4.0-r2
  • L
GHSA-pq5p-34cr-23v9

<3.4.0-r2
  • L
Improper Input Validation

<3.4.0-r2
  • L
GHSA-9ggr-2464-2j32

<3.4.0-r1
  • L
Insufficient Verification of Data Authenticity

<3.4.0-r1
  • L
Allocation of Resources Without Limits or Throttling

<3.1.4-r0
  • L
GHSA-2c2j-9gv5-cj73

<3.1.4-r0
  • L
Open Redirect

<3.1.0-r3
  • L
GHSA-48p4-8xcf-vxj5

<3.1.0-r3
  • L
GHSA-pq67-6m6q-mj2v

<3.1.0-r3
  • M
Open Redirect

<3.1.0-r3
  • L
Insufficiently Protected Credentials

<3.1.0-r0
  • L
GHSA-9hjg-9r4m-mvj7

<3.1.0-r0
  • L
Function Call With Incorrect Order of Arguments

<2.22.0-r2
  • L
GHSA-4grg-w6v8-c28g

<2.22.0-r2
  • L
GHSA-q34m-jh98-gwm2

<2.21.0-r0
  • L
Directory Traversal

<2.21.0-r0
  • H
Resource Exhaustion

<2.21.0-r0
  • L
GHSA-f9vj-2wh5-fj8j

<2.21.0-r0
  • L
GHSA-gmj6-6f8f-6699

<2.19.0-r2
  • L
GHSA-q2x7-8rv6-6q7h

<2.19.0-r2
  • H
Improper Neutralization

<2.19.0-r2
  • L
Protection Mechanism Failure

<2.19.0-r2
  • L
GHSA-248v-346w-9cwc

<2.14.2-r0
  • H
Insufficient Verification of Data Authenticity

<2.14.2-r0
  • L
CVE-2024-37891

<2.14.1-r0
  • L
GHSA-34jh-p97f-mpxf

<2.14.1-r0
  • L
GHSA-pqcv-qw2r-r859

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • H
Arbitrary Code Injection

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • L
GHSA-7p8j-qv6x-f4g4

<2.13.2-r0
  • L
GHSA-x38x-g6gr-jqff

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • L
GHSA-ghv6-9r9j-wh4j

<2.13.2-r0
  • L
GHSA-wf7f-8fxf-xfxc

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • L
GHSA-cwgg-w6mp-w9hg

<2.13.2-r0
  • L
GHSA-j8mg-pqc5-x9gj

<2.13.2-r0
  • L
GHSA-43c4-9qgj-x742

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • H
Deserialization of Untrusted Data

<2.13.2-r0
  • L
GHSA-cv6c-7963-wxcg

<2.13.2-r0
  • L
GHSA-76cg-cfhx-373f

<2.13.2-r0
  • L
GHSA-9wx4-h78v-vm56

<2.13.1-r0
  • L
CVE-2024-35195

<2.13.1-r0