Lfprojects Security Vulnerabilities (CVEs)

Track 36 security vulnerabilities affecting Lfprojects products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

7 Critical
26 High
3 Medium
CVE-2026-21864 6.5

A vulnerability in the Valkey-Bloom module allows a specially crafted RESTORE command to trigger an assertion failure, causing the Valkey server to shut d...

Feb 24, 2026
CVE-2025-67733 8.5

This vulnerability in Valkey allows malicious users to inject arbitrary data into response streams via scripting commands, potentially corrupting or t...

Feb 23, 2026
CVE-2026-21863 7.5

This vulnerability in Valkey allows attackers with access to the clusterbus port to send specially crafted packets that cause out-of-bounds reads, pot...

Feb 23, 2026
CVE-2026-0621 7.5

This CVE describes a regular expression denial of service (ReDoS) vulnerability in Anthropic's MCP TypeScript SDK. Attackers can exploit this by sendi...

Jan 5, 2026
CVE-2025-65105 4.5

This vulnerability in Apptainer allows containers to bypass AppArmor and SELinux security restrictions when using the --security option. It affects un...

Dec 2, 2025
CVE-2025-11200 9.8

This vulnerability allows remote attackers to bypass authentication in MLflow installations due to weak password requirements. Attackers can gain unau...

Oct 29, 2025
CVE-2025-49844 9.9

This CVE describes a critical vulnerability in Redis where authenticated users can execute specially crafted Lua scripts to manipulate the garbage col...

Oct 3, 2025
CVE-2025-21605 7.5

CVE-2025-21605 is a memory exhaustion vulnerability in Redis where unauthenticated clients can cause unlimited growth of output buffers, leading to se...

Apr 23, 2025
CVE-2025-1474 5.5

In MLflow version 2.18, administrators can create user accounts without setting passwords, violating secure account management practices. This vulner...

Mar 20, 2025
CVE-2025-0453 7.5

This vulnerability in MLflow's GraphQL endpoint allows attackers to cause denial of service by sending specially crafted queries that consume excessiv...

Mar 20, 2025
CVE-2025-1473 7.1

A Cross-Site Request Forgery vulnerability in MLflow's signup feature allows attackers to create unauthorized accounts by tricking authenticated users...

Mar 20, 2025
CVE-2024-8859 7.5

A path traversal vulnerability in MLflow 2.15.1 allows attackers to read arbitrary files when the DBFS service is configured and mounted locally. This...

Mar 20, 2025
CVE-2024-27134 7.0

This vulnerability allows local attackers to escalate privileges on systems running MLflow when the spark_udf() API is called. Attackers can exploit i...

Nov 25, 2024
CVE-2024-0520 8.8

This CVE allows remote code execution in MLflow versions before 2.9.0 due to a command injection vulnerability. Attackers can manipulate file paths when...

Jun 6, 2024
CVE-2024-37058 8.8

This vulnerability in MLflow allows remote code execution when users interact with maliciously uploaded Langchain AgentExecutor models. Attackers can ...

Jun 4, 2024
CVE-2024-37060 8.8

This vulnerability in MLflow allows remote code execution when deserializing untrusted data from malicious Recipes. It affects MLflow versions 1.27.0 ...

Jun 4, 2024
CVE-2024-37054 8.8

This vulnerability allows remote code execution through malicious PyFunc models in MLflow. Attackers can upload specially crafted models that execute ...

Jun 4, 2024
CVE-2024-37056 8.8

This vulnerability allows remote code execution through malicious ML models in MLflow. Attackers can upload specially crafted LightGBM scikit-learn mo...

Jun 4, 2024
CVE-2024-37052 8.8

This vulnerability allows remote code execution through malicious ML models in MLflow. Attackers can upload specially crafted scikit-learn models that...

Jun 4, 2024
CVE-2024-3573 9.3

This vulnerability in MLflow allows attackers to perform Local File Inclusion (LFI) by exploiting improper URI parsing in the 'is_local_uri' function....

Apr 16, 2024
CVE-2024-1593 7.5

A path traversal vulnerability in MLflow allows attackers to use ';' characters in URL parameters to access unauthorized files or directories. This af...

Apr 16, 2024
CVE-2024-1558 7.5

This path traversal vulnerability in MLflow allows attackers to read arbitrary files on the server by exploiting improper validation of the source par...

Apr 16, 2024
CVE-2024-27916 7.1

This vulnerability in Minder allows authenticated users to access, delete, or retrieve artifacts from any repository in the database regardless of own...

Mar 21, 2024
CVE-2024-27133 7.5

CVE-2024-27133 is a cross-site scripting (XSS) vulnerability in MLflow that occurs when running recipes with untrusted datasets. Insufficient sanitiza...

Feb 23, 2024
CVE-2023-6974 9.8

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in MLflow that allows attackers to make unauthorized requests to internal HTTP(s...

Dec 20, 2023
CVE-2023-6976 8.8

This vulnerability in MLflow allows attackers to write arbitrary files to arbitrary locations on the server filesystem, potentially leading to remote ...

Dec 20, 2023
CVE-2023-6940 8.8

CVE-2023-6940 is a command injection vulnerability in MLflow that allows attackers to execute arbitrary commands on the victim system by tricking user...

Dec 19, 2023
CVE-2023-6909 7.5

This path traversal vulnerability in MLflow allows attackers to access arbitrary files on the server by using '\..\filename' sequences in requests. It...

Dec 18, 2023
CVE-2023-6753 8.8

This path traversal vulnerability in MLflow allows attackers to read arbitrary files on the server by manipulating file paths in requests. It affects ...

Dec 13, 2023
CVE-2023-43472 7.5

This vulnerability in MLflow allows remote attackers to access sensitive information through crafted REST API requests. It affects MLflow deployments ...

Dec 5, 2023
CVE-2023-6014 9.8

This vulnerability allows unauthenticated attackers to create arbitrary user accounts in MLflow deployments, bypassing all authentication requirements...

Nov 16, 2023
CVE-2023-6015 7.5

CVE-2023-6015 is a path traversal vulnerability in MLflow that allows attackers to upload arbitrary files to any location on the server's filesystem. ...

Nov 16, 2023
CVE-2023-4033 7.8

This CVE describes an OS command injection vulnerability in MLflow versions prior to 2.6.0. Attackers can execute arbitrary operating system commands ...

Aug 1, 2023
CVE-2023-3765 10.0

This vulnerability allows attackers to perform absolute path traversal attacks in MLflow deployments prior to version 2.5.0. Attackers can potentially...

Jul 19, 2023
CVE-2023-2780 9.8

This CVE describes a path traversal vulnerability in MLflow where attackers can use '\..\filename' sequences to access files outside intended director...

May 17, 2023
CVE-2023-30549 7.1

This CVE describes a use-after-free vulnerability in the ext4 filesystem that affects the Apptainer container platform. It allows attackers to potentially...

Apr 25, 2023

Why Monitor Lfprojects Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 36+ known vulnerabilities affecting Lfprojects products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Lfprojects packages in under 60 seconds. No agents are required: scanning is completely agentless and works across Lfprojects deployments.

Free vulnerability database: Access detailed information about every Lfprojects CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
