MindsDB Security Vulnerabilities (CVEs)
Track 11 security vulnerabilities affecting MindsDB products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2025-68472 is an unauthenticated path traversal vulnerability in MindsDB's file upload API that allows attackers to read arbitrary files from the ...
Jan 12, 2026

A stored cross-site scripting (XSS) vulnerability in MindsDB allows attackers to inject malicious JavaScript into ML Engine, database, project, or dat...
Sep 12, 2024

CVE-2024-45852 is a deserialization vulnerability in MindsDB that allows remote code execution when malicious models are uploaded. Attackers can execu...
Sep 12, 2024

This vulnerability allows remote code execution on MindsDB servers through deserialization of untrusted data in uploaded models. Attackers can execute...
Sep 12, 2024

This vulnerability allows remote code execution on MindsDB servers when the ChromaDB integration is installed. Attackers can execute arbitrary Python ...
Sep 12, 2024

This vulnerability allows remote code execution on MindsDB servers when the Microsoft SharePoint integration is installed. Attackers can craft malicio...
Sep 12, 2024

This vulnerability allows remote code execution on MindsDB servers when the Weaviate integration is installed. Attackers can execute arbitrary Python ...
Sep 12, 2024

This CVE describes a server-side request forgery (SSRF) vulnerability in MindsDB that allows attackers to bypass SSRF protection using DNS rebinding t...
Sep 5, 2024

This is a path injection vulnerability in MindsDB that allows attackers to write arbitrary files to the server filesystem and delete zip/tar.gz files....
Dec 22, 2023

MindsDB versions before 23.7.4.0 had disabled SSL certificate verification in requests, allowing man-in-the-middle attacks to intercept and potentiall...
Aug 4, 2023

CVE-2023-30620 is a path traversal vulnerability in mindsdb's tarball extraction that allows attackers to write files to arbitrary locations on the se...
Apr 21, 2023

Why Monitor MindsDB Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 11+ known vulnerabilities affecting MindsDB products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable MindsDB packages in under 60 seconds. No agents are required: scanning is completely agentless and works across MindsDB deployments.
Free vulnerability database: Access detailed information about every MindsDB CVE, including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.