mlflow vulnerabilities

Known vulnerabilities in the mlflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Open Redirect	<3.1.0-r3
L GHSA-48p4-8xcf-vxj5	<3.1.0-r3
L GHSA-pq67-6m6q-mj2v	<3.1.0-r3
L Open Redirect	<3.1.0-r3
L Insufficiently Protected Credentials	<3.1.0-r0
L GHSA-9hjg-9r4m-mvj7	<3.1.0-r0
L Function Call With Incorrect Order of Arguments	<2.22.0-r2
L GHSA-4grg-w6v8-c28g	<2.22.0-r2
L GHSA-q34m-jh98-gwm2	<2.21.0-r0
L Directory Traversal	<2.21.0-r0
H Resource Exhaustion	<2.21.0-r0
L GHSA-f9vj-2wh5-fj8j	<2.21.0-r0
L GHSA-gmj6-6f8f-6699	<2.19.0-r2
L GHSA-q2x7-8rv6-6q7h	<2.19.0-r2
L Improper Neutralization	<2.19.0-r2
L Protection Mechanism Failure	<2.19.0-r2
L GHSA-248v-346w-9cwc	<2.14.2-r0
H Insufficient Verification of Data Authenticity	<2.14.2-r0
L CVE-2024-37891	<2.14.1-r0
L GHSA-34jh-p97f-mpxf	<2.14.1-r0
L GHSA-pqcv-qw2r-r859	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
H Arbitrary Code Injection	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
L GHSA-7p8j-qv6x-f4g4	<2.13.2-r0
L GHSA-x38x-g6gr-jqff	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
L GHSA-ghv6-9r9j-wh4j	<2.13.2-r0
L GHSA-wf7f-8fxf-xfxc	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
L GHSA-cwgg-w6mp-w9hg	<2.13.2-r0
L GHSA-j8mg-pqc5-x9gj	<2.13.2-r0
L GHSA-43c4-9qgj-x742	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
H Deserialization of Untrusted Data	<2.13.2-r0
L GHSA-cv6c-7963-wxcg	<2.13.2-r0
L GHSA-76cg-cfhx-373f	<2.13.2-r0
L GHSA-9wx4-h78v-vm56	<2.13.1-r0
L CVE-2024-35195	<2.13.1-r0

Vulnerability

Vulnerable Version

<3.1.0-r3

<3.1.0-r3

<3.1.0-r3

<3.1.0-r3

Insufficiently Protected Credentials

<3.1.0-r0