mlflow / mlflow
Project repository
Open source platform for the machine learning lifecycle
Response targets: first interaction within 5 days; review within 5 days; fix within N/A days.
Reports (status and severity as shown on the program page; truncated titles are left as displayed):

| Title | Reported | Reporter | Status | Severity |
|---|---|---|---|---|
| MLflow PyFunc Model Loader - Path Traversal Leading to Arbitrary Code Execution | Apr 18th 2026 | jayantkamble10000 | duplicate | Critical |
| Command Injection in Container Model Serving via Unsanitized Conda Env Path (Inc... | Apr 18th 2026 | patchmyday | duplicate | High |
| Guardrail bypass via client-supplied `X-MLflow-Guardrail-Bypass` header — `gatew... | Apr 30th 2026 | snakeyworm | not applicable | |
| AI Gateway Guardrail Bypass via X-MLflow-Guardrail-Bypass HTTP Header | Apr 30th 2026 | penguinmiaou | not applicable | |
| Command Injection via Unsanitized Conda Environment File Name | Apr 18th 2026 | 0xhunter213 | duplicate | Critical |
| Incomplete Fix for CVE-2025-15379: Command Injection via python_env.yaml in Virt... | Apr 13th 2026 | rook2135 | duplicate | Critical |
| Missing object-level authorization on trace endpoints allows cross-experiment... | Apr 11th 2026 | zx41r | duplicate | High |
| Command Injection via Unquoted Model Path in `serve_stdin` Execution Path | Apr 11th 2026 | 0xmanan | duplicate | Critical |
| MLflow SSRF in _fetch_zip_repo — Arbitrary HTTP Requests to Internal Services | Apr 11th 2026 | radikhoroshev | duplicate | None |
| MLFLOW_ALLOW_PICKLE_DESERIALIZATION Bypass via DSPy Native Model Format Leads to... | Apr 11th 2026 | skillwager | duplicate | None |
| Broken Access Control: Unauthenticated Arbitrary Job Execution via POST /ajax-ap... | Apr 11th 2026 | microwaveovens-yay | duplicate | Critical |
| MLflow pyfunc loader_module Arbitrary Code Execution (CWE-470, CVSS 8.8) | Apr 11th 2026 | nitaydariel | duplicate | High |
| MLflow Project URI SSRF via _fetch_zip_repo — Arbitrary HTTP Requests to Interna... | Apr 11th 2026 | radikhoroshev | duplicate | High |
| Insecure Default in PyFunc CloudPickle Deserialization Leads to Remote Code Exec... | Apr 11th 2026 | crazymarky | duplicate | High |
| SSRF via user-controlled ZIP URI in mlflow.projects.run() + ZipSlip arbitrary fi... | Apr 11th 2026 | elliottower | duplicate | High |
| Missing Shell Argument Escaping in PyFunc Backend serve_stdin Allows Potential C... | Apr 11th 2026 | sonumishraa | duplicate | High |
| Test Title | Apr 6th 2026 | rook2135 | self closed | |
| Command Injection via pip_requirements_override in Virtualenv Execution Path | Apr 6th 2026 | rook2135 | self closed | |
| Incomplete Fix for CVE-2025-15379: Command Injection via python_env.yaml in Virt... | Apr 6th 2026 | rook2135 | self closed | |
| Remote Code Execution via Models-from-Code bypasses pickle guard — arbitrary Pyt... | Apr 18th 2026 | javitoia | duplicate | Critical |
| Path Traversal in LocalArtifactRepository.delete_artifacts() Allows Arbitrary Fi... | Apr 7th 2026 | sonumishraa | self closed | |
| Incomplete Fix of CVE-2025-15379: Command Injection via Conda Env Path | Apr 13th 2026 | sark4 | duplicate | Critical |
| Command Injection in serve_stdin() via unquoted local_path in bash -c | Apr 11th 2026 | kimkou2024 | duplicate | High |
| [CWE-77] MLflow — Command Injection via CONDA env_manager Bypass of CVE-2025-153... | Apr 18th 2026 | doubledoze | duplicate | Critical |
| Arbitrary code execution via unsanitized loader_module in MLflow model artifacts | Apr 18th 2026 | n1neman | duplicate | Critical |
| Broken Access Control: 31 v3 API Endpoints Missing Authorization Validators in M... | Mar 31st 2026 | lewlademp | duplicate | High |
| Zero-Click Remote Code Execution (RCE) via Deserialization in mlflow.genai.list_... | Mar 31st 2026 | samir-atra | duplicate | Critical |
| Arbitrary Module Import via pickle_module_info.txt in MLflow PyTorch Model Loadi... | Mar 31st 2026 | hacnho | duplicate | High |
| Arbitrary File Read via Tar Symlink Bypass of Path Traversal Fix in mlflow/mlflo... | Mar 31st 2026 | hacnho | duplicate | Medium |
| Default config allows unauthenticated pickle RCE via model upload API | Mar 31st 2026 | csaw-admin | duplicate | Critical |
Bounty table: Critical $0, High $0, Medium $0, Low $0.