SecAlerts
CVE ListPricingSign Up
lfprojects logo

lfprojects

Security Risk Profile

52
/100
medium

Security Risk Score

Comprehensive risk assessment based on 99 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from February 23, 2022 to present

99
Total CVEs
79
Critical+High
0
Exploited
22
Unpatched

Threat Assessment

Avg CVSS
7.9
Base severity
Avg EPSS
3%
Exploit probability
Unpatched
22
Critical/High
Risk Level
52/100
medium
📈 5 in Last 30 Days

Severity Distribution

Critical
27
High
52
Medium
18
Low
2

Exploit Likelihood

>50% chance
1
20-50%
0
5-20%
0
<5%
34

Age Distribution

Common Weaknesses (CWE)

1
Path Traversal
28
2
Command Injection
6
3
XSS
5
4
Input Validation
5
5
SSRF
3

Most Affected Products

1. Lfprojects Mlflow67
2. pip/mlflow62
3. Lfprojects Valkey15
4. Lfprojects Vector Packet Processor11
5. pypi/mlflow10

Recent Vulnerabilities

See more →
CVE-2026-2611
CVSS 9.6critical

Improper Origin Validation in mlflow/mlflow

5/19/2026
CVE-2026-2652
CVSS 8.6high

Authentication Bypass in mlflow/mlflow

5/15/2026
CVE-2026-44430
CVSS 6.3medium

MCP Registry: Unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist

5/8/2026
CVE-2026-44429
CVSS 5.1medium

MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`

5/8/2026
CVE-2026-44428
CVSS 2.1low

MCP Registry: GitHub OIDC tokens replayable across registry deployments due to shared audience

5/8/2026
CVE-2026-40090
CVSS 7.1high

Zarf has a Path Traversal via Malicious Package Metadata.Name — Arbitrary File Write

4/14/2026
CVE-2026-35568
CVSS 7.6high

MCP Java-SDK has a DNS Rebinding Vulnerability

4/7/2026
CVE-2026-33866
CVSS 5.3medium

Authorization Bypass in MLflow AJAX Endpoint

4/7/2026
CVE-2026-33865
CVSS 5.1medium

Stored XSS via unsafe YAML parsing in MLflow

4/7/2026
CVE-2026-0545
CVSS 9.8critical

Missing Authentication for Critical Function in mlflow/mlflow

4/3/2026🔧 No Patch

Monitor lfprojects in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.