MindsDB (Python) – Support, CVEs & Health

GHSA-2g5w-29q9-w6hx CVSS_V3

mindsdb arbitrary file write when extracting a remotely retrieved Tarball

Published: 2023-03-30 Fixed in: 23.2.1.0

GHSA-32fj-r8qw-r8w8 CVSS_V3

MindsDB Cross-site Scripting vulnerability

Published: 2024-09-12 No fix available

GHSA-34mr-6q8x-g9r6 CVSS_V3

Server-Side Request Forgery in mindsdb

Published: 2023-12-12 Fixed in: 23.11.4.1

GHSA-4894-xqv6-vrfq CVSS_V3

MindsDB: Path Traversal in /api/files Leading to Remote Code Execution

Published: 2026-02-24 Fixed in: 25.9.1.1

GHSA-4jcv-vp96-94xr CVSS_V3

MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding

Published: 2024-09-05 Fixed in: 23.12.4.2

GHSA-6xw9-2p64-7622 CVSS_V3

MindsDB affected by a SSRF vulnerability

Published: 2026-02-16 No fix available

GHSA-7vhh-gfjc-x8rm CVSS_V3

MindsDB Deserialization of Untrusted Data vulnerability

Published: 2024-09-12 No fix available

GHSA-7vhj-pfwv-hx3w CVSS_V3

MindsDB Deserialization of Untrusted Data vulnerability

Published: 2024-09-12 No fix available

GHSA-7x45-phmr-9wqp CVSS_V3

Arbitrary file write in mindsdb when Extracting Tarballs retrieved from a remote location

Published: 2023-03-30 Fixed in: 22.11.4.3

GHSA-8hx6-qv6f-xgcw CVSS_V3

MindsDB can be made to not verify SSL certificates

Published: 2023-08-01 Fixed in: 23.7.4.0

MindsDB