mindsdb — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting mindsdb. AI-powered Chinese analysis, POCs, and references for each vulnerability.

MindsDB is an open-source machine learning platform designed to integrate AI capabilities directly into existing databases, allowing users to predict outcomes using standard SQL queries. Its primary value proposition lies in simplifying the deployment of predictive models for enterprise data workflows. Security audits have identified twenty-one Common Vulnerabilities and Exposures (CVEs) associated with the software, predominantly stemming from its reliance on standard web frameworks and Python dependencies. Historically, these flaws have included remote code execution, cross-site scripting, and improper access control mechanisms that could lead to privilege escalation. While no single catastrophic incident has defined its public history, the accumulation of vulnerabilities highlights risks inherent in complex, rapidly evolving AI infrastructure. Users must prioritize regular patching and strict environment isolation to mitigate these known attack vectors, ensuring that the convenience of native database integration does not compromise system integrity.

Top products by mindsdb: mindsdb mindsdb/mindsdb
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-27483 | MindsDB has Path Traversal in /api/files Leading to Remote Code Execution | mindsdb | CWE-22 | 8.8 | High | 2026-02-24 |
| CVE-2025-68472 | MindsDB has improper sanitation of filepath that leads to information disclosure and DOS | mindsdb | CWE-22 | 8.1 | High | 2026-01-12 |
| CVE-2024-45856 | MindsDB security vulnerability | mindsdb | CWE-79 | 9.0 | Critical | 2024-09-12 |
| CVE-2024-45855 | MindsDB security vulnerability | mindsdb | CWE-502 | 7.1 | High | 2024-09-12 |
| CVE-2024-45854 | MindsDB security vulnerability | mindsdb | CWE-502 | 7.1 | High | 2024-09-12 |
| CVE-2024-45853 | MindsDB security vulnerability | mindsdb | CWE-502 | 7.1 | High | 2024-09-12 |
| CVE-2024-45852 | MindsDB security vulnerability | mindsdb | CWE-502 | 8.8 | High | 2024-09-12 |
| CVE-2024-45851 | MindsDB security vulnerability | mindsdb | CWE-95 | 8.8 | High | 2024-09-12 |
| CVE-2024-45850 | MindsDB security vulnerability | mindsdb | CWE-95 | 8.8 | High | 2024-09-12 |
| CVE-2024-45849 | MindsDB security vulnerability | mindsdb | CWE-95 | 8.8 | High | 2024-09-12 |
| CVE-2024-45848 | MindsDB security vulnerability | mindsdb | CWE-95 | 8.8 | High | 2024-09-12 |
| CVE-2024-45847 | MindsDB security vulnerability | mindsdb | CWE-95 | 8.8 | High | 2024-09-12 |
| CVE-2024-45846 | MindsDB security vulnerability | mindsdb | CWE-95 | 8.8 | High | 2024-09-12 |
| CVE-2024-24759 | MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding | mindsdb | CWE-918 | 9.3 | Critical | 2024-09-05 |
| CVE-2024-3575 | Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb | mindsdb/mindsdb | CWE-79 | 5.4 | - | 2024-04-16 |
| CVE-2023-50731 | MindsDB has arbitrary file write in file.py | mindsdb | CWE-918 | 9.1 | Critical | 2023-12-22 |
| CVE-2023-49796 | MindsDB Arbitrary File Write vulnerability | mindsdb | CWE-20 | 5.3 | Medium | 2023-12-11 |
| CVE-2023-49795 | MindsDB Server-Side Request Forgery vulnerability | mindsdb | CWE-918 | 6.5 | Medium | 2023-12-11 |
| CVE-2023-38699 | MindsDB 'Call to requests with verify=False disabling SSL certificate checks, security issue.' issue | mindsdb | CWE-311 | 9.1 | Critical | 2023-08-04 |
| CVE-2023-30620 | Arbitrary File Write when Extracting a Remotely retrieved Tarball in mindsdb/mindsdb | mindsdb | CWE-22 | 7.5 | High | 2023-04-21 |
| CVE-2022-23522 | Arbitrary File Write when Extracting Tarballs retrieved from a remote location using in mindsdb | mindsdb | CWE-22 | 8.5 | High | 2023-03-30 |

This page lists every published CVE security advisory associated with mindsdb. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.