| CVE-2026-7711 | high | 7.3 | 7.3 | | | | 26d ago | MindsDB has an Improper Access Control Issue |
| CVE-2026-2531 | high | 7.3 | 7.3 | | | | 3mo ago | A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Suc… |
| CVE-2026-27483 | unknown | — | — | | | | 3mo ago | MindsDB: Path Traversal in /api/files Leading to Remote Code Execution |
| CVE-2025-68472 | unknown | — | — | | | | 5mo ago | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary file… |
| CVE-2024-45852 | unknown | — | — | | | | 2y ago | Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with. |
| CVE-2024-45856 | unknown | — | — | | | | 2y ago | MindsDB Cross-site Scripting vulnerability |
| CVE-2024-45851 | unknown | — | — | | | | 2y ago | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea… |
| CVE-2024-45854 | unknown | — | — | | | | 2y ago | Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘descri… |
| CVE-2024-45853 | unknown | — | — | | | | 2y ago | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for … |
| CVE-2024-45855 | unknown | — | — | | | | 2y ago | Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘fi… |
| CVE-2024-45849 | unknown | — | — | | | | 2y ago | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea… |
| CVE-2024-45846 | unknown | — | — | | | | 2y ago | An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT… |
| CVE-2024-45847 | unknown | — | — | | | | 2y ago | MindsDB Eval Injection vulnerability |
| CVE-2024-45848 | unknown | — | — | | | | 2y ago | An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT… |
| CVE-2024-45850 | unknown | — | — | | | | 2y ago | An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases crea… |
| CVE-2024-24759 | unknown | — | — | | | | 2y ago | MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website … |
| CVE-2024-3575 | unknown | — | — | | | | 2y ago | Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb |
| CVE-2023-50731 | unknown | — | — | | | | 3y ago | MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, wh… |
| CVE-2023-49796 | unknown | — | — | | | | 3y ago | MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a limited file write vulnerability in `file.py`. Users should use MindsDB's `staging` branch or v… |
| CVE-2023-49795 | unknown | — | — | | | | 3y ago | MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information d… |
| CVE-2023-38699 | unknown | — | — | | | | 3y ago | MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This r… |
| CVE-2023-30620 | unknown | — | — | | | | 3y ago | mindsdb is a Machine Learning platform to help developers build AI solutions. In affected versions an unsafe extraction is being performed using `tarfile.extractall()` from a remotely retrieved tarba… |
| CVE-2022-23522 | unknown | — | — | | | | 3y ago | MindsDB is an open source machine learning platform. An unsafe extraction is being performed using `shutil.unpack_archive()` from a remotely retrieved tarball, which may lead to the writing of the ex… |