Zenml Zenml

14 CVEs affecting Zenml Zenml. Latest disclosed: 2025-10-05. Critical: 1, High: 5.

Top CVEs affecting Zenml Zenml
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-2083 | Critical | 9.9 | 2024-04-16 | A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnera… |
| CVE-2024-4680 | High | 8.8 | 2024-06-08 | A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Speci… |
| CVE-2024-28424 | High | 8.8 | 2024-03-14 | zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnera… |
| CVE-2024-25723 | High | 8.8 | 2024-02-27 | ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/acti… |
| CVE-2025-8406 | High | 7.8 | 2025-10-05 | ZenML version 0.83.1 is affected by a path traversal vulnerability in the `PathMaterializer` class. The `load` function uses `is_path_within_directory` to vali… |
| CVE-2024-9340 | High | 7.5 | 2025-03-20 | A Denial of Service (DoS) vulnerability in zenml-io/zenml version 0.66.0 allows unauthenticated attackers to cause excessive resource consumption by sending ma… |
| CVE-2024-2035 | Medium | 6.5 | 2024-06-06 | An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability… |
| CVE-2024-5062 | Medium | 6.1 | 2024-06-30 | A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization o… |
| CVE-2024-2383 | Medium | 6.1 | 2024-06-06 | A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options o… |
| CVE-2024-4311 | Medium | 5.4 | 2024-11-14 | zenml-io/zenml version 0.56.4 is vulnerable to an account takeover due to the lack of rate-limiting in the password change function. An attacker can brute-forc… |
| CVE-2024-2171 | Medium | 4.8 | 2024-06-06 | A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malic… |
| CVE-2024-2260 | Medium | 4.2 | 2024-04-16 | A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This… |
| CVE-2024-2213 | Low | 3.3 | 2024-06-06 | An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active… |
| CVE-2024-2032 | Low | 3.1 | 2024-06-06 | A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same user… |