mlflow | Snyk

Direct Vulnerabilities

Known vulnerabilities in the mlflow package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
L GHSA-mv93-w799-cj2w	<3.12.0-r0
L OS Command Injection	<3.11.1-r0
L Cross-site Request Forgery (CSRF)	<3.11.1-r0
C Arbitrary Argument Injection	<3.11.1-r0
H Directory Traversal	<3.11.1-r0
L GHSA-rpm5-65cw-6hj4	<3.11.1-r0
L GHSA-jj8c-mmj3-mmgv	<3.11.1-r0
M Missing Authorization	<3.11.1-r0
L GHSA-v92g-xgxw-vvmm	<3.11.1-r0
M Cross-site Scripting (XSS)	<3.11.1-r0
L GHSA-46r5-x6jq-v8g6	<3.11.1-r0
L GHSA-x2qx-6953-8485	<3.11.1-r0
L GHSA-fh64-r2vc-xvhr	<3.11.1-r0
L GHSA-7qhf-v65m-g5f3	<3.12.0-r0
C Missing Authentication for Critical Function	<3.12.0-r0
L Uncontrolled Recursion	<3.10.1-r1
L GHSA-gc5v-m9x4-r6x2	<3.10.1-r1
M Insecure Temporary File	<3.10.1-r1
L GHSA-jr27-m4p2-rc6r	<3.10.1-r1
L GHSA-68rp-wp8r-4726	<3.9.0-r1
L GHSA-29vq-49wr-vm6x	<3.9.0-r1
M Information Exposure Through Caching	<3.9.0-r1
H Out-of-bounds Write	<3.9.0-r1
M Improper Handling of Windows Device Names	<3.9.0-r1
M CVE-2026-26007	<3.9.0-r1
L GHSA-r6ph-v2qm-q3c2	<3.9.0-r1
L GHSA-cfh3-3jmp-rvhc	<3.9.0-r1
M Directory Traversal	<3.8.1-r3
H CVE-2026-0994	<3.8.1-r3
L GHSA-7gcm-g887-7qv7	<3.8.1-r3
L Directory Traversal	<3.8.1-r3
L GHSA-63vm-454h-vhhq	<3.8.1-r3
L GHSA-8rrh-rw8j-w5fx	<3.8.1-r3
L GHSA-58pv-8j8x-9vj2	<3.8.1-r3
L Allocation of Resources Without Limits or Throttling	<3.8.1-r3
H Improper Handling of Highly Compressed Data (Data Amplification)	<3.8.1-r1
L GHSA-38jv-5279-wg99	<3.8.1-r1
L Resource Exhaustion	<3.4.0-r2
L GHSA-w853-jp5j-5j7f	<3.8.0-r0
M Link Following	<3.8.0-r0
L GHSA-gm62-xv2j-4w53	<3.7.0-r1
H Improper Handling of Highly Compressed Data (Data Amplification)	<3.7.0-r1
L GHSA-2xpw-w6gg-jr37	<3.7.0-r1
H Allocation of Resources Without Limits or Throttling	<3.7.0-r1
L GHSA-768j-98cg-p3fv	<3.6.0-r1
C XML Injection	<3.6.0-r1
M Improper Handling of Windows Device Names	<3.6.0-r1
L GHSA-hgf8-39gv-g3f2	<3.6.0-r1
L CVE-2025-8869	<3.6.0-r0
L Algorithmic Complexity	<3.5.1-r1
L Improper Input Validation	<3.4.0-r2
L Insufficient Verification of Data Authenticity	<3.4.0-r1
L Allocation of Resources Without Limits or Throttling	<3.1.4-r0
M Open Redirect	<3.1.0-r3
M Open Redirect	<3.1.0-r3
L Insufficiently Protected Credentials	<3.1.0-r0
L Function Call With Incorrect Order of Arguments	<2.22.0-r2
M Directory Traversal	<2.21.0-r0
H Resource Exhaustion	<2.21.0-r0
H Improper Neutralization	<2.19.0-r2
L Protection Mechanism Failure	<2.19.0-r2
H Insufficient Verification of Data Authenticity	<2.14.2-r0
M CVE-2024-37891	<2.14.1-r0
H Arbitrary Code Injection	<2.13.2-r0
L CVE-2024-35195	<2.13.1-r0

Vulnerability

Vulnerable Version

GHSA-mv93-w799-cj2w

<3.12.0-r0