📦 MindsDB
by MindsDB
🛡️ Security Overview
⚠️ Known Vulnerabilities
A stored cross-site scripting (XSS) vulnerability in MindsDB allows attackers to inject malicious JavaScript into ML Engine, database, project, or dataset names. When users view these objects in the w...
This CVE describes a server-side request forgery (SSRF) vulnerability in MindsDB that allows attackers to bypass SSRF protection using DNS rebinding techniques. Attackers can potentially access intern...
This is a path injection vulnerability in MindsDB that allows attackers to write arbitrary files to the server filesystem and delete zip/tar.gz files. It affects all MindsDB instances prior to version...
MindsDB versions before 23.7.4.0 had disabled SSL certificate verification in requests, allowing man-in-the-middle attacks to intercept and potentially modify data between MindsDB and external data so...
CVE-2025-68472 is an unauthenticated path traversal vulnerability in MindsDB's file upload API that allows attackers to read arbitrary files from the server filesystem and move them into MindsDB's sto...
CVE-2024-45852 is a deserialization vulnerability in MindsDB that allows remote code execution when malicious models are uploaded. Attackers can execute arbitrary code on the server by exploiting unsa...
This vulnerability allows remote code execution on MindsDB servers through deserialization of untrusted data in uploaded models. Attackers can execute arbitrary code when a 'describe' query is run on ...
This vulnerability allows remote code execution on MindsDB servers when the ChromaDB integration is installed. Attackers can execute arbitrary Python code by sending specially crafted INSERT queries t...
This vulnerability allows remote code execution on MindsDB servers when the Microsoft SharePoint integration is installed. Attackers can craft malicious INSERT queries containing Python code that gets...
This vulnerability allows remote code execution on MindsDB servers when the Weaviate integration is installed. Attackers can execute arbitrary Python code by crafting malicious SELECT WHERE clauses ag...
CVE-2023-30620 is a path traversal vulnerability in MindsDB's tarball extraction that allows attackers to write files to arbitrary locations on the server. This affects all users running MindsDB versi...