pkg:PyPI/mindsdb

42 total CVEsCRITICAL7HIGH27MEDIUM8

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.3CVE-2024-24759MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
    from 0, < 23.12.4.2
  • CRITICAL9.3CVE-2024-24759MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
    from 0, < 5f7496481bd3db1d06a2d2e62c0dce960a1fe12b | from 0, < 23.12.4.2
  • CRITICAL9.1CVE-2023-50731GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
    from 0, < 23.11.4.1
  • CRITICAL9.1CVE-2023-50731GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
    from 0, < 23.11.4.1
  • CRITICAL9.1CVE-2023-38699MindsDB can be made to not verify SSL certificates
    from 0, < 23.7.4.0
  • CRITICAL9.1CVE-2023-38699MindsDB can be made to not verify SSL certificates
    from 0, < 083afcf6567cf51aa7d89ea892fd97689919053b | from 0, < 23.7.4.0
  • CRITICAL9.0CVE-2024-45856MindsDB Cross-site Scripting vulnerability
    from 0, <= 24.9.2.1
  • HIGH8.8CVE-2026-27483MindsDB: Path Traversal in /api/files Leading to Remote Code Execution
    from 0, < 25.9.1.1
  • HIGH8.8CVE-2024-45851MindsDB Eval Injection vulnerability
    >= 23.10.5.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45852MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.3.2.0
  • HIGH8.8CVE-2024-45852MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.3.2.0, <= 24.9.2.1
  • HIGH8.8CVE-2024-45851MindsDB Eval Injection vulnerability
    >= 23.10.5.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45846MindsDB Eval Injection vulnerability
    >= 23.10.3.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45849MindsDB Eval Injection vulnerability
    >= 23.10.5.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45850MindsDB Eval Injection vulnerability
    >= 23.10.5.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45848MindsDB Eval Injection vulnerability
    >= 23.12.4.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45849MindsDB Eval Injection vulnerability
    >= 23.10.5.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45847MindsDB Eval Injection vulnerability
    >= 23.11.4.2, < 24.7.4.1
  • HIGH8.8CVE-2024-45850MindsDB Eval Injection vulnerability
    >= 23.10.5.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45846MindsDB Eval Injection vulnerability
    >= 23.10.3.0, < 24.7.4.1
  • HIGH8.8CVE-2024-45848MindsDB Eval Injection vulnerability
    >= 23.12.4.0, < 24.7.4.1
  • HIGH8.5CVE-2022-23522Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
    from 0, < 22.11.4.3
  • HIGH8.5CVE-2022-23522Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location
    from 0, < 22.11.4.3
  • HIGH8.1CVE-2025-68472MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
    from 0, < 25.11.1
  • HIGH8.1CVE-2025-68472MindsDB has improper sanitation of filepath that leads to information disclosure and DOS
    from 0, < 25.11.1
  • HIGH7.5CVE-2023-30620mindsdb arbitrary file write when extracting a remotely retrieved Tarball
    from 0, < 23.2.1.0
  • HIGH7.5CVE-2023-30620mindsdb arbitrary file write when extracting a remotely retrieved Tarball
    from 0, < 4419b0f0019c000db390b54d8b9d06e1d3670039 | from 0, < 23.2.1.0
  • HIGH7.3CVE-2026-7711MindsDB has an Improper Access Control Issue
    from 0, <= 26.0.1
  • HIGH7.1CVE-2024-45854MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.10.3.0
  • HIGH7.1CVE-2024-45854MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.10.3.0, <= 24.9.2.1
  • HIGH7.1CVE-2024-45855MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.10.2.0, <= 24.9.2.1
  • HIGH7.1CVE-2024-45853MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.10.2.0, <= 24.9.2.1
  • HIGH7.1CVE-2024-45855MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.10.2.0
  • HIGH7.1CVE-2024-45853MindsDB Deserialization of Untrusted Data vulnerability
    >= 23.10.2.0
  • MEDIUM6.5CVE-2023-49795Server-Side Request Forgery in mindsdb
    from 0, < 8d13c9c28ebcf3b36509eb679378004d4648d8fe | from 0, < 23.11.4.1
  • MEDIUM6.5CVE-2023-49795Server-Side Request Forgery in mindsdb
    from 0, < 23.11.4.1
  • MEDIUM6.3CVE-2026-2531MindsDB affected by a SSRF vulnerability
    from 0, < 26.0.0rc1
  • MEDIUM6.3CVE-2026-2531MindsDB affected by a SSRF vulnerability
    from 0, <= 25.14.1
  • MEDIUM5.8CVE-2024-3575Cross-site Scripting (XSS) in mindsdb/mindsdb
    from 0, <= 23.6.3.1
  • MEDIUM5.8CVE-2024-3575Cross-site Scripting (XSS) in mindsdb/mindsdb
    from 0, <= 23.6.3.1
  • MEDIUM5.3CVE-2023-49796Improper Input Validation in mindsdb
    from 0, < 23.11.4.1
  • MEDIUM5.3CVE-2023-49796Improper Input Validation in mindsdb
    from 0, < 8d13c9c28ebcf3b36509eb679378004d4648d8fe | from 0