mindsdb

Top products

The 15 most recently published vulnerabilities affecting mindsdb.

• CVE-2026-27483MindsDB has Path Traversal in /api/files Leading to Remote Code Execution8.8Feb 24, 2026
• CVE-2026-2531MindsDB File Upload security.py clear_filename server-side request forgery6.3Feb 16, 2026
• CVE-2025-68472MindsDB has improper sanitation of filepath that leads to information disclosure and DOS8.1Jan 12, 2026
• CVE-2024-45854MindsDB Deserialization of Untrusted Data vulnerability7.1Sep 12, 2024
• CVE-2024-45847MindsDB Eval Injection vulnerability8.8Sep 12, 2024
• CVE-2024-45856A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project,...9.0Sep 12, 2024
• CVE-2024-45855Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when usi...7.1Sep 12, 2024
• CVE-2024-45853Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when use...7.1Sep 12, 2024
• CVE-2024-45852Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.8.8Sep 12, 2024
• CVE-2024-45851An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases cr...8.8Sep 12, 2024
• CVE-2024-45850An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases cr...8.8Sep 12, 2024
• CVE-2024-45849An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases cr...8.8Sep 12, 2024
• CVE-2024-45848An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘IN...8.8Sep 12, 2024
• CVE-2024-45846An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SE...8.8Sep 12, 2024
• CVE-2024-24759MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding9.3Sep 5, 2024