Product
mindsdb
22 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-27483
CVE-2026-2531
CVE-2025-68472
CVE-2024-45856
CVE-2024-45855
CVE-2024-45854
CVE-2024-45853
CVE-2024-45852
CVE-2024-45851
CVE-2024-45850
CVE-2024-45849
CVE-2024-45848
CVE-2024-45847
CVE-2024-45846
CVE-2024-24759
CVE-2024-3575
CVE-2023-50731
CVE-2023-49796
CVE-2023-49795
CVE-2023-38699
CVE-2023-30620
CVE-2022-23522
< 25.9.1.1
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.9.1.1, there is a path traver
<= 25.14.1
A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the
< 25.11.1
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path
all versions
A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript
>= 23.10.2.0
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously upload
>= 23.10.3.0
Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously upload
>= 23.10.2.0
Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously upload
>= 23.3.2.0
Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploade
>= 23.10.5.0 and < 24.7.4.1
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft
>= 23.10.5.0 and < 24.7.4.1
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft
>= 23.10.5.0 and < 24.7.4.1
An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft
>= 23.12.4.0 and < 24.7.4.1
An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB i
>= 23.11.4.2 and < 24.7.4.1
An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several
>= 23.10.3.0 and < 24.7.4.1
An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate i
< 23.12.4.2
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can by
all versions
Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb
< 23.11.4.1
MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the
put method in `mindsdb/mindsdb/api/http/namall versions
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulner
< 23.11.4.1
MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forge
< 23.7.4.0
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to
<= 23.1.5.0
mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being p
< 22.11.4.3
MindsDB is an open source machine learning platform. An unsafe extraction is being performed using
shutil.unpack_archive() from