Skip to content
Tools / mlflow / Dependencies

Dependency Analysis

mlflow

Direct and transitive dependency freshness, license, and CVE exposure from the latest SBOM.

Security Export CSV
43% Freshness
6495 Dependencies
2972 Outdated
0 Stale
35.5 Avg Behind

Dependency List

Latest release v3.12.0

All 6500 Outdated 3916 Has CVE 113 GPL 9
Dependency Type Current Latest Behind CVE License
node-forge
npm
 Transitive 1.3.3 1.4.0 1 behind 4 high BSD-3-Clause OR GPL-2.0-only
charset-normalizer
pypi
 Direct 3.4.5 3.4.7 2 behind LGPL-2.0-or-later AND LGPL-2.1-only AND LicenseRef-scancode-public-domain AND MIT AND MPL-1.1
paramiko
pypi
 Direct 3.5.1 5.0.0 2 behind LGPL-2.1-or-later
@opentelemetry/api
npm
 Transitive 1.9.0 1.9.1 1 behind Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only)
contextlib2
pypi
 Direct 21.6.0 21.6.0 Current Apache-2.0 AND GPL-1.0-or-later AND LicenseRef-scancode-other-copyleft AND PSF-2.0 AND Python-2.0
gitdb
pypi
 Direct 4.0.12 4.0.12 Current BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later
javax.annotation:javax.annotation-api
maven
 Direct 1.2 CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0
psycopg2-binary
pypi
 Direct 2.9.12 2.9.12 Current LGPL-2.0-or-later AND LGPL-3.0-or-later
typing-extensions
pypi
 Direct 4.15.0 4.15.0 Current Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD

License Breakdown

MIT 4798
Unknown 395
ISC 331
Apache-2.0 269
BSD-3-Clause 204
BSD-2-Clause 117
MIT-0 63
CC0-1.0 48
Apache-2.0 AND MIT 44
BSD-2-Clause AND BSD-3-Clause 31
MPL-2.0 15
CC0-1.0 AND MIT 13
ISC AND MIT 12
BlueOak-1.0.0 10
0BSD 9
Apache-2.0 AND BSD-2-Clause 8
BSD-3-Clause AND MIT 7
LicenseRef-scancode-generic-cla AND MIT 6
Python-2.0 5
Zlib 5
BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 4
CC-BY-4.0 4
MIT OR (CC0-1.0 AND MIT) 4
Unlicense 4
CC0-1.0 OR MIT OR (CC0-1.0 AND MIT) 3
LicenseRef-scancode-public-domain AND Unlicense 3
LicenseRef-scancode-unicode AND MIT 3
Apache-2.0 AND BSD-3-Clause 2
Apache-2.0 AND BSD-3-Clause AND MIT AND OFL-1.1 2
Apache-2.0 OR BSD-2-Clause OR MIT OR (Apache-2.0 AND BSD-2-Clause) OR (Apache-2.0 AND MIT) OR (BSD-2-Clause AND MIT) 2
BSD-2-Clause AND BSD-2-Clause-Views 2
BSD-2-Clause AND BSD-3-Clause AND MIT 2
BSD-3-Clause AND LicenseRef-scancode-facebook-patent-rights-2 2
BSD-3-Clause AND LicenseRef-scancode-protobuf 2
CC-BY-3.0 2
ISC AND LicenseRef-scancode-unknown-license-reference 2
MIT AND HPND 2
MIT AND Python-2.0 2
PSF-2.0 2
(Apache-2.0 AND BSD-3-Clause AND MIT) OR (Apache-2.0 AND MIT) 1
(MPL-2.0 OR Apache-2.0) 1
0BSD AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference AND PSF-2.0 AND Python-2.0 1
Apache-2.0 AND BSD-3-Clause AND LicenseRef-scancode-unknown-license-reference 1
Apache-2.0 AND BSD-3-Clause AND MIT AND Zlib 1
Apache-2.0 AND BSD-3-Clause AND MPL-2.0 1
Apache-2.0 AND BSD-3-Clause AND PSF-2.0 AND Python-2.0 1
Apache-2.0 AND BUSL-1.1 1
Apache-2.0 AND CC-BY-3.0 AND CC-BY-4.0 AND CC-BY-SA-3.0 AND CC0-1.0 AND ISC AND LicenseRef-scancode-unknown-license-reference AND MIT AND MPL-2.0 AND OFL-1.1 1
Apache-2.0 AND GPL-1.0-or-later AND LicenseRef-scancode-other-copyleft AND PSF-2.0 AND Python-2.0 1
Apache-2.0 AND ISC 1
Apache-2.0 AND MIT AND MPL-2.0 1
Apache-2.0 OR (Apache-2.0 AND LGPL-3.0-only) 1
Apache-2.0 OR MIT 1
Apache-2.0 OR MPL-1.1 OR (Apache-2.0 AND MPL-1.1) 1
Apache-2.0 OR MPL-2.0 1
Apache-2.0 OR Unlicense OR (Apache-2.0 AND Unlicense) 1
Artistic-2.0 AND ISC 1
Artistic-2.0 AND MIT 1
BSD-2-Clause AND BSD-3-Clause AND GPL-1.0-or-later 1
BSD-2-Clause AND BSD-3-Clause AND LicenseRef-scancode-public-domain AND Unlicense 1
BSD-3-Clause AND ISC AND MIT 1
BSD-3-Clause AND LicenseRef-scancode-generic-cla AND MIT 1
BSD-3-Clause OR Apache-2.0 1
BSD-3-Clause OR GPL-2.0-only 1
BSL-1.0 1
CC-BY-3.0 AND CC-BY-SA-3.0 AND MIT 1
CC-BY-SA-4.0 AND ISC 1
CC0-1.0 AND Unlicense 1
CDDL-1.0 OR GPL-2.0-only WITH Classpath-exception-2.0 1
CNRI-Python AND Apache-2.0 1
EPL-1.0 1
ISC AND JSON AND MIT 1
ISC AND MPL-2.0 1
LGPL-2.0-or-later AND LGPL-2.1-only AND LicenseRef-scancode-public-domain AND MIT AND MPL-1.1 1
LGPL-2.0-or-later AND LGPL-3.0-or-later 1
LGPL-2.1-or-later 1
LicenseRef-scancode-commercial-license AND LicenseRef-scancode-other-permissive AND MIT 1
LicenseRef-scancode-free-unknown AND MIT 1
LicenseRef-scancode-public-domain 1
LicenseRef-scancode-public-domain AND MIT 1
LicenseRef-scancode-secret-labs-2011 AND MIT-CMU 1
MIT AND HPND-Markus-Kuhn 1
MIT AND MIT-0 1
MIT AND MITNFA 1
MIT AND MPL-2.0 1
MIT AND OFL-1.1 1
MIT AND PSF-2.0 1
MIT AND Python-2.0 AND Python-2.0.1 1
MIT AND Unlicense 1
MIT AND WTFPL 1
MIT AND ZPL-2.1 1
MIT AND Zlib 1
MIT OR (Apache-2.0 AND MIT) 1
MIT OR WTFPL OR (MIT AND WTFPL) 1
MIT-CMU 1
MPL-2.0 AND Apache-2.0 1
MPL-2.0 AND Python-2.0 1
PSF-2.0 AND Python-2.0 1
Python-2.0 AND GPL-1.0-or-later AND Python-2.0 AND BSD-3-Clause AND Python-2.0 AND BSD-3-Clause AND 0BSD 1
ZPL-2.1 1

CVE Severity

critical 11
high 58
medium 35
low 9
unknown 0

Beta — feedback welcome: [email protected]