
Security Deep Dive

mlflow

Security posture and CVE patch evidence from tracked releases.

1 actively-exploited dependency CVE affects ts/v0.2.0.

KEV-listed CVEs are confirmed exploited in the wild — patch urgently.

Versions by Severity

CVEs are attributed to tracked releases published before the patch release.

7 versions tracked
Version Published C H M L KEV Notes
ts/v0.2.0 2026-05-15 Latest; patches CVE-2023-4863 and CVE-2026-42208
v3.12.0 2026-05-05 1 1 KEV 2
v3.11.1 2026-04-08 1 1 KEV 2
model-catalog/latest 2026-04-06 1 1 KEV 2
v3.10.1 2026-03-05 1 1 KEV 2
v3.10.0 2026-02-20 1 1 KEV 2
v3.9.0 2026-01-29 1 1 KEV 2
— Signed — SLSA — SBOM ✓ Security policy Monthly cadence · 17d median Active maintainer

Trust Signals — 3 of 9 Present

Evidence already collected from releases and repository metadata.

Signed releases: Unknown. Latest release artifact signature (Latest release).
SLSA provenance: Unknown. Attestation predicate level (Latest release).
SBOM published: Unknown. GitHub SBOM API (Latest release).
SECURITY.md: Present. GitHub repository metadata (Repository policy). Checked: 23d ago.
Release cadence (monthly): Present. 17d median over recent releases (Release history). Latest release: 20d ago.
Maintainer active: Present. Recent commit activity (Repository). Last commit: 1d ago.
Checksums (SHA256SUMS): Not active yet. SHA256SUMS or equivalent (Release asset). Latest release: 20d ago.
GitHub Actions attestation: Not active yet. actions/attest-build-provenance (Workflow file). Latest release: 20d ago.
Signing assets: Not active yet. .sig, .crt, cosign.pub, or similar (Release asset). Latest release: 20d ago.

0.7/10 Security Score
5.6/10 Scorecard
Dependency Exposure: 500 transitive dependency CVEs found in the latest SBOM. 95 critical.

Security Score

A composite score aggregating Scorecard performance, CVE patch history, OpenSSF badge tier, and dependency vulnerability exposure. Score ≥ 7.0 is healthy; < 4.0 warrants attention.

epss: 0.00 / 0.5 (Max EPSS 0.933)
freshness: 1.00 / 1.0 (1d stale)
scorecard: 2.24 / 4.0 (Score 5.6/10)
cve health: 0.00 / 2.5 (No open CVEs)
patch speed: 0.50 / 0.5 (⚠ Estimated: no CVE patch history)
kev exposure: -1.50 / 1.5 (KEV exposure detected)
supply chain risk: -1.50 / 10.0 (Risk 100.0/100)

Score breakdown

schema v2

Vulnerability posture: 0.0 (weight 25%). direct cves: clear; cve scan: available
Release responsiveness: 10.0 (weight 5%). patch speed days: no_history
Dependency exposure: 0.0 (weight 10%). supply chain risk: 100.0; transitive cves: 95c/285h
Provenance trust: 5.6 (weight 40%). scorecard score: 5.6; openssf badge: none
Maintainer health: 10.0 (weight 10%). activity freshness: 1d
Operational risk: 0.0 (weight 10%). kev exposure: detected; epss max: 0.933

How is this calculated?

The six dimensions group the legacy score signals into weighted categories: direct vulnerability status, patch responsiveness, dependency exposure, provenance checks, maintainer activity, and exploitability risk. The flat component values above remain available for compatibility.

Supply Chain Risk

Risk 100.0/100
95 Transitive critical CVEs
1 KEV-transitive CVEs
43% Dependency freshness

Scorecard

Scorecard 5.6/10

OpenSSF Scorecard evaluates supply-chain security practices automatically. Score ≥ 6 is passing; ≥ 8 is excellent.

Check Score Reason
Code-Review 10 all changesets reviewed
Maintained 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10
Security-Policy 10 security policy file detected
CII-Best-Practices 0 no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow 0 dangerous workflow patterns detected
License 10 license file detected
Pinned-Dependencies -1 internal error: internal error: invalid Dockerfile
Token-Permissions 10 GitHub workflow tokens follow principle of least privilege
Signed-Releases 0 Project has not signed or included provenance with any releases.
Binary-Artifacts 10 no binaries found in the repo
Branch-Protection 3 branch protection is not maximal on development and all release branches
Packaging 10 packaging workflow detected
Fuzzing 0 project is not fuzzed
SAST 0 SAST tool is not run on all commits -- score normalized to 0

OpenSSF Badge

OpenSSF none

Badge indicates adherence to open-source best practices.

CVE Patch History

Tracks CVEs that were addressed in tagged releases. Shorter gap between disclosure and patch = faster response. EPSS = predicted probability of exploitation in next 30 days (FIRST.org); colored at ≥90%ile and ≥50%ile.

CVEs Patched by Year (chart; legend: Critical, High, Medium, Low)

2026: 2

CVE Severity EPSS Disclosed Fixed in Days to fix vs Ecosystem Median KEV
CVE-2023-4863 HIGH 99%ile ts/v0.2.0 KEV
CVE-2026-42208 CRITICAL 98%ile ts/v0.2.0 KEV

KEV = CISA Known Exploited Vulnerabilities catalog — actively exploited in the wild.

Dependency Vulnerabilities

6495 dependencies scanned

Scanning the SBOM (Software Bill of Materials) of the latest release for known vulnerabilities in transitive dependencies.

Critical: 95
High: 285
Medium: 120
Low: 0
Unknown: 0

1 dependency vulnerability is in KEV.

CISA confirmed these vulnerabilities are actively exploited. Treat as critical priority.

CVE Severity KEV Dependency Affected version Cleared in release
CVE-2013-4366 critical org.apache.httpcomponents:httpclient ts/v0.2.0
CVE-2014-3007 critical pillow ts/v0.2.0
CVE-2015-7337 critical ipython 8.7.0 || > 8.7.0 ts/v0.2.0
CVE-2016-4009 critical pillow ts/v0.2.0
CVE-2017-18342 critical pyyaml ts/v0.2.0
CVE-2019-20477 critical pyyaml ts/v0.2.0
CVE-2020-11538 critical pillow ts/v0.2.0
CVE-2020-14343 critical pyyaml ts/v0.2.0
CVE-2020-1747 critical pyyaml ts/v0.2.0
CVE-2020-1953 critical org.apache.commons:commons-configuration2 ts/v0.2.0
CVE-2020-5310 critical pillow ts/v0.2.0
CVE-2020-5311 critical pillow ts/v0.2.0
CVE-2020-5312 critical pillow ts/v0.2.0
CVE-2021-25289 critical pillow ts/v0.2.0
CVE-2021-34552 critical pillow ts/v0.2.0
CVE-2022-22817 critical pillow ts/v0.2.0
CVE-2022-24439 critical gitpython 4,>= 3.1.9 ts/v0.2.0
CVE-2022-33980 critical org.apache.commons:commons-configuration2 ts/v0.2.0
CVE-2022-45907 critical torch 1.11.0 ts/v0.2.0
CVE-2022-45908 critical paddlepaddle ts/v0.2.0
CVE-2022-46741 critical paddlepaddle ts/v0.2.0
CVE-2022-46742 critical paddlepaddle ts/v0.2.0
CVE-2023-1177 critical mlflow ts/v0.2.0
CVE-2023-25668 critical tensorflow 2.10.0 ts/v0.2.0
CVE-2023-2780 critical mlflow ts/v0.2.0
CVE-2023-29374 critical langchain ts/v0.2.0
CVE-2023-32785 critical langchain ts/v0.2.0
CVE-2023-34540 critical langchain ts/v0.2.0
CVE-2023-34541 critical langchain ts/v0.2.0
CVE-2023-36095 critical langchain ts/v0.2.0
CVE-2023-36188 critical langchain ts/v0.2.0
CVE-2023-36258 critical langchain ts/v0.2.0
CVE-2023-36281 critical langchain ts/v0.2.0
CVE-2023-3765 critical mlflow ts/v0.2.0
CVE-2023-38673 critical paddlepaddle ts/v0.2.0
CVE-2023-38860 critical langchain ts/v0.2.0
CVE-2023-38896 critical langchain ts/v0.2.0
CVE-2023-39631 critical langchain ts/v0.2.0
CVE-2023-39659 critical langchain ts/v0.2.0
CVE-2023-39662 critical llama-index ts/v0.2.0
CVE-2023-40267 critical gitpython 4,>= 3.1.9 ts/v0.2.0
CVE-2023-45311 critical fsevents 1.2.9 ts/v0.2.0
CVE-2023-46308 critical plotly.js 2.5.1 ts/v0.2.0
CVE-2023-47248 critical pyarrow 8.0.0 ts/v0.2.0
CVE-2023-50447 critical pillow ts/v0.2.0
CVE-2023-52310 critical paddlepaddle ts/v0.2.0
CVE-2023-52311 critical paddlepaddle ts/v0.2.0
CVE-2023-52314 critical paddlepaddle ts/v0.2.0
CVE-2023-6014 critical mlflow 2.7.1 ts/v0.2.0
CVE-2023-6015 critical mlflow 2.7.1 ts/v0.2.0
CVE-2023-6018 critical mlflow 2.8.1 ts/v0.2.0
CVE-2023-6569 critical h2o ts/v0.2.0
CVE-2023-6730 critical transformers ts/v0.2.0
CVE-2023-6831 critical mlflow 2.8.1 ts/v0.2.0
CVE-2023-6974 critical mlflow 2.8.1 ts/v0.2.0
CVE-2023-6975 critical mlflow 2.8.1 ts/v0.2.0
CVE-2024-0520 critical mlflow 2.8.1 ts/v0.2.0
CVE-2024-0521 critical paddlepaddle ts/v0.2.0
CVE-2024-0818 critical paddlepaddle ts/v0.2.0
CVE-2024-0917 critical paddlepaddle ts/v0.2.0
CVE-2024-10553 critical h2o ts/v0.2.0
CVE-2024-23751 critical llama-index ts/v0.2.0
CVE-2024-27132 critical mlflow 2.8.1 ts/v0.2.0
CVE-2024-27133 critical mlflow 2.8.1 ts/v0.2.0
CVE-2024-2952 critical litellm ts/v0.2.0
CVE-2024-3573 critical mlflow 2.8.1 ts/v0.2.0
CVE-2024-3660 critical keras ts/v0.2.0
CVE-2024-45758 critical h2o ts/v0.2.0
CVE-2024-48063 critical torch 1.11.0 ts/v0.2.0
CVE-2024-5452 critical lightning 1.8.1 ts/v0.2.0
CVE-2024-5751 critical litellm ts/v0.2.0
CVE-2024-5980 critical lightning 1.8.1 ts/v0.2.0
CVE-2024-5986 critical h2o ts/v0.2.0
CVE-2025-14009 critical nltk ts/v0.2.0
CVE-2025-15036 critical mlflow 2.12.2 ts/v0.2.0
CVE-2025-15379 critical mlflow 2.12.2 ts/v0.2.0
CVE-2025-1793 critical llama-index ts/v0.2.0
CVE-2025-32434 critical torch 1.11.0 ts/v0.2.0
CVE-2025-49655 critical keras ts/v0.2.0
CVE-2025-6544 critical h2o ts/v0.2.0
CVE-2025-6545 critical pbkdf2 3.0.17 ts/v0.2.0
CVE-2025-6547 critical pbkdf2 3.0.17 ts/v0.2.0
CVE-2025-9287 critical cipher-base 1.0.4 ts/v0.2.0
CVE-2026-0545 critical mlflow 2.12.2 ts/v0.2.0
CVE-2026-25592 critical semantic-kernel ts/v0.2.0
CVE-2026-25896 critical fast-xml-parser 5.2.5 ts/v0.2.0
CVE-2026-26030 critical semantic-kernel ts/v0.2.0
CVE-2026-2635 critical mlflow 2.12.2 ts/v0.2.0
CVE-2026-27699 critical basic-ftp 5.0.5 ts/v0.2.0
CVE-2026-35002 critical agno ts/v0.2.0
CVE-2026-35030 critical litellm 1.82.6 ts/v0.2.0
CVE-2026-41242 critical protobufjs 7.5.4 ts/v0.2.0
CVE-2026-42208 critical litellm 1.82.6
GHSA-5mg7-485q-xm76 critical litellm ts/v0.2.0
GHSA-83fm-w79m-64r5 critical mlflow ts/v0.2.0
CVE-2012-6153 high org.apache.httpcomponents:httpclient ts/v0.2.0
CVE-2014-1932 high pillow ts/v0.2.0
CVE-2014-3589 high pillow ts/v0.2.0
CVE-2014-3598 high pillow ts/v0.2.0
CVE-2014-9601 high pillow ts/v0.2.0
CVE-2015-5237 high protobuf 8,>= 3.12.0 ts/v0.2.0
CVE-2016-0775 high pillow ts/v0.2.0
CVE-2016-10075 high tqdm ts/v0.2.0
CVE-2016-2533 high pillow ts/v0.2.0
CVE-2016-3076 high pillow ts/v0.2.0
CVE-2016-9190 high pillow ts/v0.2.0
CVE-2017-14158 high scrapy ts/v0.2.0
CVE-2018-12545 high org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2018-18074 high requests ts/v0.2.0
CVE-2019-14751 high nltk ts/v0.2.0
CVE-2019-16865 high pillow ts/v0.2.0
CVE-2019-18874 high psutil ts/v0.2.0
CVE-2019-19911 high pillow ts/v0.2.0
CVE-2020-10177 high pillow ts/v0.2.0
CVE-2020-10378 high pillow ts/v0.2.0
CVE-2020-10379 high pillow ts/v0.2.0
CVE-2020-10994 high pillow ts/v0.2.0
CVE-2020-35653 high pillow ts/v0.2.0
CVE-2020-35654 high pillow ts/v0.2.0
CVE-2020-5313 high pillow ts/v0.2.0
CVE-2020-7753 high trim 0.0.1 ts/v0.2.0
CVE-2021-22569 high com.google.protobuf:protobuf-java ts/v0.2.0
CVE-2021-23437 high pillow ts/v0.2.0
CVE-2021-25287 high pillow ts/v0.2.0
CVE-2021-25288 high pillow ts/v0.2.0
CVE-2021-25290 high pillow ts/v0.2.0
CVE-2021-25291 high pillow ts/v0.2.0
CVE-2021-25293 high pillow ts/v0.2.0
CVE-2021-27290 high ssri 8.0.0 ts/v0.2.0
CVE-2021-27921 high pillow ts/v0.2.0
CVE-2021-27922 high pillow ts/v0.2.0
CVE-2021-27923 high pillow ts/v0.2.0
CVE-2021-28165 high org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2021-28675 high pillow ts/v0.2.0
CVE-2021-28676 high pillow ts/v0.2.0
CVE-2021-28677 high pillow ts/v0.2.0
CVE-2021-32803 high tar 4.4.10 ts/v0.2.0
CVE-2021-32804 high tar 4.4.10 ts/v0.2.0
CVE-2021-33623 high trim-newlines 1.0.0 ts/v0.2.0
CVE-2021-37701 high tar 4.4.10 ts/v0.2.0
CVE-2021-37712 high tar 4.4.10 ts/v0.2.0
CVE-2021-37713 high tar 4.4.10 ts/v0.2.0
CVE-2021-3803 high nth-check 1.0.2 ts/v0.2.0
CVE-2021-3807 high ansi-regex 4.1.0 ts/v0.2.0
CVE-2021-3828 high nltk ts/v0.2.0
CVE-2021-3842 high nltk ts/v0.2.0
CVE-2021-43854 high nltk ts/v0.2.0
CVE-2022-0736 high mlflow ts/v0.2.0
CVE-2022-1941 high protobuf 8,>= 3.12.0 ts/v0.2.0
CVE-2022-21699 high ipython 8.7.0 || > 8.7.0 ts/v0.2.0
CVE-2022-23647 high prismjs 1.25.0 ts/v0.2.0
CVE-2022-24303 high pillow ts/v0.2.0
CVE-2022-25883 high semver 5.3.0 ts/v0.2.0
CVE-2022-25887 high sanitize-html 1.27.5 ts/v0.2.0
CVE-2022-30595 high pillow ts/v0.2.0
CVE-2022-3509 high com.google.protobuf:protobuf-java ts/v0.2.0
CVE-2022-3510 high com.google.protobuf:protobuf-java ts/v0.2.0
CVE-2022-4065 high org.testng:testng 6.14.3 ts/v0.2.0
CVE-2022-41894 high tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41900 high tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41902 high tensorflow 2.10.0 ts/v0.2.0
CVE-2022-45198 high pillow ts/v0.2.0
CVE-2022-45199 high pillow ts/v0.2.0
CVE-2023-2356 high mlflow ts/v0.2.0
CVE-2023-24807 high undici 5.10.0 ts/v0.2.0
CVE-2023-25658 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25659 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25660 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25662 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25663 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25664 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25665 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25666 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25669 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25670 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25671 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25672 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25673 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25674 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25675 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25676 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25801 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-27579 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-30172 high mlflow ts/v0.2.0
CVE-2023-32786 high langchain ts/v0.2.0
CVE-2023-33976 high tensorflow 2.10.0 ts/v0.2.0
CVE-2023-33976 high tensorflow-cpu 2.12.0 ts/v0.2.0
CVE-2023-36189 high langchain ts/v0.2.0
CVE-2023-38669 high paddlepaddle ts/v0.2.0
CVE-2023-38671 high paddlepaddle ts/v0.2.0
CVE-2023-4033 high mlflow ts/v0.2.0
CVE-2023-40590 high gitpython 4,>= 3.1.9 ts/v0.2.0
CVE-2023-43472 high mlflow 2.8.1 ts/v0.2.0
CVE-2023-44271 high pillow ts/v0.2.0
CVE-2023-46229 high langchain ts/v0.2.0
CVE-2023-4863 high KEV pillow
CVE-2023-50782 high cryptography 39.0.1 ts/v0.2.0
CVE-2023-52304 high paddlepaddle ts/v0.2.0
CVE-2023-52307 high paddlepaddle ts/v0.2.0
CVE-2023-52309 high paddlepaddle ts/v0.2.0
CVE-2023-6709 high mlflow 2.8.1 ts/v0.2.0
CVE-2023-6753 high mlflow 2.8.1 ts/v0.2.0
CVE-2023-6909 high mlflow 2.8.1 ts/v0.2.0
CVE-2023-6940 high mlflow 2.8.1 ts/v0.2.0
CVE-2023-6976 high mlflow 2.8.1 ts/v0.2.0
CVE-2023-6977 high mlflow 2.8.1 ts/v0.2.0
CVE-2023-7018 high transformers ts/v0.2.0
CVE-2024-0815 high paddlepaddle ts/v0.2.0
CVE-2024-0817 high paddlepaddle ts/v0.2.0
CVE-2024-10188 high litellm ts/v0.2.0
CVE-2024-10549 high h2o ts/v0.2.0
CVE-2024-10550 high h2o ts/v0.2.0
CVE-2024-10572 high h2o ts/v0.2.0
CVE-2024-11392 high transformers ts/v0.2.0
CVE-2024-11393 high transformers ts/v0.2.0
CVE-2024-11394 high transformers ts/v0.2.0
CVE-2024-12911 high llama-index ts/v0.2.0
CVE-2024-13009 high org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2024-1483 high mlflow 2.8.1 ts/v0.2.0
CVE-2024-1558 high mlflow 2.8.1 ts/v0.2.0
CVE-2024-1560 high mlflow 2.8.1 ts/v0.2.0
CVE-2024-1593 high mlflow 2.8.1 ts/v0.2.0
CVE-2024-1594 high mlflow 2.8.1 ts/v0.2.0
CVE-2024-1603 high paddlepaddle ts/v0.2.0
CVE-2024-1892 high scrapy ts/v0.2.0
CVE-2024-21536 high http-proxy-middleware 1.3.1 ts/v0.2.0
CVE-2024-21538 high cross-spawn 6.0.5 ts/v0.2.0
CVE-2024-22190 high gitpython 4,>= 3.1.9 ts/v0.2.0
CVE-2024-23334 high aiohttp ts/v0.2.0
CVE-2024-26130 high cryptography 39.0.1 ts/v0.2.0
CVE-2024-27134 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-28219 high pillow ts/v0.2.0
CVE-2024-29180 high webpack-dev-middleware 3.7.3 ts/v0.2.0
CVE-2024-2928 high mlflow 2.8.1 ts/v0.2.0
CVE-2024-29415 high ip 2.0.1 ts/v0.2.0
CVE-2024-30251 high aiohttp ts/v0.2.0
CVE-2024-31580 high torch 1.11.0 ts/v0.2.0
CVE-2024-31583 high torch 1.11.0 ts/v0.2.0
CVE-2024-3572 high scrapy ts/v0.2.0
CVE-2024-3574 high scrapy ts/v0.2.0
CVE-2024-37052 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37053 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37054 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37055 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37056 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37057 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37058 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37059 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37060 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37061 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-37890 high ws 8.14.1 ts/v0.2.0
CVE-2024-3848 high mlflow 2.8.1 ts/v0.2.0
CVE-2024-39705 high nltk ts/v0.2.0
CVE-2024-4068 high braces 2.3.2 ts/v0.2.0
CVE-2024-4181 high llama-index ts/v0.2.0
CVE-2024-41950 high haystack-ai ts/v0.2.0
CVE-2024-4264 high litellm ts/v0.2.0
CVE-2024-4340 high sqlparse 1,>= 0.4.0 ts/v0.2.0
CVE-2024-43598 high lightgbm ts/v0.2.0
CVE-2024-47554 high commons-io:commons-io ts/v0.2.0
CVE-2024-4888 high litellm ts/v0.2.0
CVE-2024-52804 high tornado 6.1 ts/v0.2.0
CVE-2024-5979 high h2o ts/v0.2.0
CVE-2024-6587 high litellm ts/v0.2.0
CVE-2024-6825 high litellm ts/v0.2.0
CVE-2024-6854 high h2o ts/v0.2.0
CVE-2024-7254 high com.google.protobuf:protobuf-java ts/v0.2.0
CVE-2024-7765 high h2o ts/v0.2.0
CVE-2024-7768 high h2o ts/v0.2.0
CVE-2024-8062 high h2o ts/v0.2.0
CVE-2024-8616 high h2o ts/v0.2.0
CVE-2024-8859 high mlflow 2.12.2 ts/v0.2.0
CVE-2024-8984 high litellm ts/v0.2.0
CVE-2024-9606 high litellm ts/v0.2.0
CVE-2025-0330 high litellm ts/v0.2.0
CVE-2025-0628 high litellm ts/v0.2.0
CVE-2025-10279 high mlflow 2.12.2 ts/v0.2.0
CVE-2025-11200 high mlflow 2.12.2 ts/v0.2.0
CVE-2025-11201 high mlflow 2.12.2 ts/v0.2.0
CVE-2025-12060 high keras ts/v0.2.0
CVE-2025-12758 high validator 13.15.15 ts/v0.2.0
CVE-2025-14279 high mlflow 2.12.2 ts/v0.2.0
CVE-2025-14287 high mlflow 2.12.2 ts/v0.2.0
CVE-2025-15031 high mlflow 2.12.2 ts/v0.2.0
CVE-2025-15381 high mlflow 2.12.2 ts/v0.2.0
CVE-2025-1550 high keras ts/v0.2.0
CVE-2025-1752 high llama-index ts/v0.2.0
CVE-2025-4565 high protobuf 4.24.0 ts/v0.2.0
CVE-2025-45691 high ragas ts/v0.2.0
CVE-2025-47287 high tornado 6.1 ts/v0.2.0
CVE-2025-48379 high pillow ts/v0.2.0
CVE-2025-54920 high org.apache.spark:spark-core_2.12 3.5.0 ts/v0.2.0
CVE-2025-54920 high org.apache.spark:spark-core_2.13 3.5.0 ts/v0.2.0
CVE-2025-59840 high vega-interpreter 1.0.4 ts/v0.2.0
CVE-2025-6176 high scrapy ts/v0.2.0
CVE-2025-62727 high starlette 0.46.2 ts/v0.2.0
CVE-2025-64168 high agno ts/v0.2.0
CVE-2025-64756 high glob 10.4.5 ts/v0.2.0
CVE-2025-65945 high jws 4.0.0 ts/v0.2.0
CVE-2025-69223 high aiohttp ts/v0.2.0
CVE-2025-6984 high langchain-community 0.3.0 ts/v0.2.0
CVE-2025-7707 high llama-index ts/v0.2.0
CVE-2025-8747 high keras ts/v0.2.0
CVE-2025-9905 high keras ts/v0.2.0
CVE-2025-9906 high keras ts/v0.2.0
CVE-2026-0846 high nltk ts/v0.2.0
CVE-2026-0847 high nltk ts/v0.2.0
CVE-2026-0897 high keras ts/v0.2.0
CVE-2026-0994 high protobuf 4.24.0 ts/v0.2.0
CVE-2026-1260 high sentencepiece ts/v0.2.0
CVE-2026-1462 high keras ts/v0.2.0
CVE-2026-1526 high undici 5.10.0 ts/v0.2.0
CVE-2026-1669 high keras ts/v0.2.0
CVE-2026-2033 high mlflow 2.12.2 ts/v0.2.0
CVE-2026-22029 high @remix-run/router 1.0.1 ts/v0.2.0
CVE-2026-2229 high undici 5.10.0 ts/v0.2.0
CVE-2026-23745 high tar 4.4.10 ts/v0.2.0
CVE-2026-23950 high tar 4.4.10 ts/v0.2.0
CVE-2026-24842 high tar 4.4.10 ts/v0.2.0
CVE-2026-25128 high fast-xml-parser 5.2.5 ts/v0.2.0
CVE-2026-25990 high pillow ts/v0.2.0
CVE-2026-26007 high cryptography 39.0.1 ts/v0.2.0
CVE-2026-26278 high fast-xml-parser 5.2.5 ts/v0.2.0
CVE-2026-26960 high tar 4.4.10 ts/v0.2.0
CVE-2026-26996 high minimatch 9.0.5 ts/v0.2.0
CVE-2026-27459 high pyopenssl 25.3.0 ts/v0.2.0
CVE-2026-27489 high onnx 1.17.0 ts/v0.2.0
CVE-2026-27601 high underscore 1.13.6 ts/v0.2.0
CVE-2026-27903 high minimatch 9.0.5 ts/v0.2.0
CVE-2026-27904 high minimatch 9.0.5 ts/v0.2.0
CVE-2026-28500 high onnx 1.17.0 ts/v0.2.0
CVE-2026-29063 high immutable 3.7.6 ts/v0.2.0
CVE-2026-29074 high svgo 2.8.0 ts/v0.2.0
CVE-2026-29786 high tar 4.4.10 ts/v0.2.0
CVE-2026-30922 high pyasn1 0.6.2 ts/v0.2.0
CVE-2026-31802 high tar 4.4.10 ts/v0.2.0
CVE-2026-31958 high tornado 6.1 ts/v0.2.0
CVE-2026-32141 high flatted 3.3.3 ts/v0.2.0
CVE-2026-33036 high fast-xml-parser 5.2.5 ts/v0.2.0
CVE-2026-33079 high mistune 3.2.0 ts/v0.2.0
CVE-2026-33228 high flatted 3.4.1 ts/v0.2.0
CVE-2026-33231 high nltk ts/v0.2.0
CVE-2026-33236 high nltk ts/v0.2.0
CVE-2026-33671 high picomatch 2.3.1 ts/v0.2.0
CVE-2026-33891 high node-forge 1.3.3 ts/v0.2.0
CVE-2026-33894 high node-forge 1.3.3 ts/v0.2.0
CVE-2026-33895 high node-forge 1.3.3 ts/v0.2.0
CVE-2026-33896 high node-forge 1.3.3 ts/v0.2.0
CVE-2026-34445 high onnx 1.17.0 ts/v0.2.0
CVE-2026-34601 high @xmldom/xmldom 0.8.11 ts/v0.2.0
CVE-2026-35029 high litellm 1.82.6 ts/v0.2.0
CVE-2026-35536 high tornado 6.1 ts/v0.2.0
CVE-2026-40192 high pillow ts/v0.2.0
CVE-2026-41324 high basic-ftp 5.0.5 ts/v0.2.0
CVE-2026-41672 high @xmldom/xmldom 0.8.11 ts/v0.2.0
CVE-2026-41673 high @xmldom/xmldom 0.8.11 ts/v0.2.0
CVE-2026-41674 high @xmldom/xmldom 0.8.11 ts/v0.2.0
CVE-2026-41675 high @xmldom/xmldom 0.8.11 ts/v0.2.0
CVE-2026-42203 high litellm 1.82.6 ts/v0.2.0
CVE-2026-42215 high gitpython 3.1.46 ts/v0.2.0
CVE-2026-42271 high litellm 1.82.6 ts/v0.2.0
CVE-2026-42284 high gitpython 4,>= 3.1.9 ts/v0.2.0
CVE-2026-42311 high pillow ts/v0.2.0
CVE-2026-42561 high python-multipart 0.0.26 ts/v0.2.0
CVE-2026-44240 high basic-ftp 5.0.5 ts/v0.2.0
CVE-2026-44243 high gitpython 3.1.47 ts/v0.2.0
CVE-2026-44244 high gitpython 3.1.47 ts/v0.2.0
CVE-2026-44307 high mako 1.3.11 ts/v0.2.0
CVE-2026-44728 high @babel/plugin-transform-modules-systemjs 7.29.0 ts/v0.2.0
CVE-2026-4800 high lodash-es 4.17.21 ts/v0.2.0
CVE-2026-4800 high lodash 4.17.23 ts/v0.2.0
CVE-2026-4867 high path-to-regexp 0.1.12 ts/v0.2.0
CVE-2026-6321 high fast-uri 3.1.0 ts/v0.2.0
CVE-2026-6322 high fast-uri 3.1.0 ts/v0.2.0
GHSA-36jr-mh4h-2g58 high d3-color 1.4.1 ts/v0.2.0
GHSA-5c6j-r48x-rmvq high serialize-javascript 4.0.0 ts/v0.2.0
GHSA-69x8-hrgq-fjj8 high litellm 1.82.6 ts/v0.2.0
GHSA-6v7q-wjvx-w8wg high basic-ftp 5.0.5 ts/v0.2.0
GHSA-cwxj-rr6w-m6w7 high scrapy ts/v0.2.0
GHSA-q56x-g2fj-4rj6 high onnx 1.17.0 ts/v0.2.0
CVE-2011-1498 medium org.apache.httpcomponents:httpclient ts/v0.2.0
CVE-2014-1829 medium requests ts/v0.2.0
CVE-2014-1830 medium requests ts/v0.2.0
CVE-2014-1933 medium pillow ts/v0.2.0
CVE-2014-3577 medium org.apache.httpcomponents:httpclient ts/v0.2.0
CVE-2015-2296 medium requests ts/v0.2.0
CVE-2015-4707 medium ipython 8.7.0 || > 8.7.0 ts/v0.2.0
CVE-2015-5262 medium org.apache.httpcomponents:httpclient ts/v0.2.0
CVE-2015-6938 medium ipython 8.7.0 || > 8.7.0 ts/v0.2.0
CVE-2016-0740 medium pillow ts/v0.2.0
CVE-2016-9189 medium pillow ts/v0.2.0
CVE-2019-10241 medium org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2019-10246 medium org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2019-10247 medium org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2019-25225 medium sanitize-html 1.27.5 ts/v0.2.0
CVE-2020-13956 medium org.apache.httpcomponents:httpclient 4.5.6 ts/v0.2.0
CVE-2020-15250 medium junit:junit 4.12 ts/v0.2.0
CVE-2020-27218 medium org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2020-27223 medium org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2020-35655 medium pillow ts/v0.2.0
CVE-2021-25292 medium pillow ts/v0.2.0
CVE-2021-26539 medium sanitize-html 1.27.5 ts/v0.2.0
CVE-2021-26540 medium sanitize-html 1.27.5 ts/v0.2.0
CVE-2021-28678 medium pillow ts/v0.2.0
CVE-2021-29425 medium commons-io:commons-io ts/v0.2.0
CVE-2021-29510 medium pydantic ts/v0.2.0
CVE-2021-41125 medium scrapy ts/v0.2.0
CVE-2022-0577 medium scrapy ts/v0.2.0
CVE-2022-22815 medium pillow ts/v0.2.0
CVE-2022-22816 medium pillow ts/v0.2.0
CVE-2022-30187 medium azure-storage-blob 12.0.0 ts/v0.2.0
CVE-2022-3171 medium com.google.protobuf:protobuf-java ts/v0.2.0
CVE-2022-41880 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41883 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41884 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41886 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41887 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41888 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41889 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41890 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41891 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41893 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41895 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41896 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41897 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41898 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41899 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41901 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41907 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41908 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41909 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41910 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2022-41911 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2023-1176 medium mlflow ts/v0.2.0
CVE-2023-23936 medium undici 5.10.0 ts/v0.2.0
CVE-2023-25661 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2023-25667 medium tensorflow 2.10.0 ts/v0.2.0
CVE-2023-26048 medium org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
CVE-2023-2800 medium transformers ts/v0.2.0
CVE-2023-28370 medium tornado 6.1 ts/v0.2.0
CVE-2023-32681 medium requests ts/v0.2.0
CVE-2023-37276 medium aiohttp ts/v0.2.0
CVE-2023-38670 medium paddlepaddle ts/v0.2.0
CVE-2023-38672 medium paddlepaddle ts/v0.2.0
CVE-2023-38674 medium paddlepaddle ts/v0.2.0
CVE-2023-38675 medium paddlepaddle ts/v0.2.0
CVE-2023-38676 medium paddlepaddle ts/v0.2.0
CVE-2023-38677 medium paddlepaddle ts/v0.2.0
CVE-2023-38678 medium paddlepaddle ts/v0.2.0
CVE-2023-41040 medium gitpython 4,>= 3.1.9 ts/v0.2.0
CVE-2023-44270 medium postcss 7.0.39 ts/v0.2.0
CVE-2023-47627 medium aiohttp ts/v0.2.0
CVE-2023-49081 medium aiohttp ts/v0.2.0
CVE-2023-49082 medium aiohttp ts/v0.2.0
CVE-2023-49083 medium cryptography 39.0.1 ts/v0.2.0
CVE-2023-52302 medium paddlepaddle ts/v0.2.0
CVE-2023-52303 medium paddlepaddle ts/v0.2.0
CVE-2023-52305 medium paddlepaddle ts/v0.2.0
CVE-2023-52306 medium paddlepaddle ts/v0.2.0
CVE-2023-52308 medium paddlepaddle ts/v0.2.0
CVE-2023-52312 medium paddlepaddle ts/v0.2.0
CVE-2023-52313 medium paddlepaddle ts/v0.2.0
CVE-2023-6568 medium mlflow 2.8.1 ts/v0.2.0
CVE-2024-0727 medium cryptography 39.0.1 ts/v0.2.0
CVE-2024-12720 medium transformers ts/v0.2.0
CVE-2024-12910 medium llama-index ts/v0.2.0
CVE-2024-1899 medium showdown 1.9.1 ts/v0.2.0
CVE-2024-1968 medium scrapy ts/v0.2.0
CVE-2024-21501 medium sanitize-html 1.27.5 ts/v0.2.0
CVE-2024-22195 medium jinja2 3.0.3 ts/v0.2.0
CVE-2024-23829 medium aiohttp ts/v0.2.0
CVE-2024-27306 medium aiohttp ts/v0.2.0
CVE-2024-28863 medium tar 4.4.10 ts/v0.2.0
CVE-2024-29131 medium org.apache.commons:commons-configuration2 ts/v0.2.0
CVE-2024-29133 medium org.apache.commons:commons-configuration2 ts/v0.2.0
CVE-2024-2965 medium langchain 0.1.20 ts/v0.2.0
CVE-2024-3099 medium mlflow 2.8.1 ts/v0.2.0
CVE-2024-34064 medium jinja2 3.0.3 ts/v0.2.0
CVE-2024-35195 medium requests ts/v0.2.0
CVE-2024-35255 medium azure-identity 1.6.1 ts/v0.2.0
CVE-2024-3571 medium langchain ts/v0.2.0
CVE-2024-3772 medium pydantic ts/v0.2.0
CVE-2024-4067 medium micromatch 3.1.10 ts/v0.2.0
CVE-2024-42367 medium aiohttp ts/v0.2.0
CVE-2024-4263 medium mlflow 2.8.1 ts/v0.2.0
CVE-2024-47081 medium requests ts/v0.2.0
CVE-2024-4890 medium litellm ts/v0.2.0
CVE-2024-5206 medium scikit-learn 1.0.2 ts/v0.2.0
CVE-2024-5225 medium litellm ts/v0.2.0
CVE-2024-52303 medium aiohttp ts/v0.2.0
CVE-2024-52304 medium aiohttp ts/v0.2.0
CVE-2024-53382 medium prismjs 1.25.0 ts/v0.2.0
CVE-2024-55459 medium keras ts/v0.2.0
CVE-2024-5550 medium h2o ts/v0.2.0
CVE-2024-56201 medium jinja2 3.0.3 ts/v0.2.0
CVE-2024-56326 medium jinja2 3.0.3 ts/v0.2.0
CVE-2024-5710 medium litellm ts/v0.2.0
CVE-2024-6838 medium mlflow 2.12.2 ts/v0.2.0
CVE-2024-6863 medium h2o ts/v0.2.0
CVE-2024-8184 medium org.eclipse.jetty:jetty-server 9.4.11.v20180605 ts/v0.2.0
