clearml
PyPI · 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting clearml (page 1 of 1)
- CVE-2024-24590 | HIGH | CVSS 8.0 | EG 8.8 | 2024-02-06
vulnerable: 0.17.0 ... 1.9.3 (146 versions)
Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.
- CVE-2024-24591 | HIGH | CVSS 8.0 | EG 8.8 | 2024-02-06
vulnerable: 0.17.0 ... 1.9.3 (146 versions)
A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when i…
- CVE-2024-24595 | MEDIUM | CVSS 6.0 | EG 6.0 | 2024-02-05
vulnerable: 0.17.0 ... 1.9.3 (148 versions)
Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.
- CVE-2025-8917 | MEDIUM | CVSS 5.8 | EG 5.8 | ✓ Fixed in 2.0.2 | 2025-10-05
vulnerable: 0.17.0 ... 2.0.1 (179 versions)
A vulnerability in allegroai/clearml version v2.0.1 allows for path traversal due to improper handling of symbolic and hard links in the `safe_extract` function. This flaw can lead to arbitrary file writes outside the intended directory, p…