VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/35115?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/35115?format=api",
    "purl": "pkg:pypi/mindsdb@23.2.4.1",
    "type": "pypi",
    "namespace": "",
    "name": "mindsdb",
    "version": "23.2.4.1",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "26.0.0rc1",
    "latest_non_vulnerable_version": "26.0.0rc1",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36860?format=api",
            "vulnerability_id": "VCID-jzag-uvvs-3fca",
            "summary": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.",
            "references": [
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
                        },
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
                        },
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
                        },
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
                        },
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24759",
                    "reference_id": "CVE-2024-24759",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"
                        },
                        {
                            "value": "7.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24759"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-4jcv-vp96-94xr",
                    "reference_id": "GHSA-4jcv-vp96-94xr",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-4jcv-vp96-94xr"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/42584?format=api",
                    "purl": "pkg:pypi/mindsdb@23.12.4.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ba2s-8e42-7ucs"
                        },
                        {
                            "vulnerability": "VCID-d1sm-yyqm-fug8"
                        },
                        {
                            "vulnerability": "VCID-fjec-rvym-t3f1"
                        },
                        {
                            "vulnerability": "VCID-k6m1-mehq-pbez"
                        },
                        {
                            "vulnerability": "VCID-kttw-x13y-b3fj"
                        },
                        {
                            "vulnerability": "VCID-stp6-86fa-cubn"
                        },
                        {
                            "vulnerability": "VCID-uab9-6bgh-efct"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.2"
                }
            ],
            "aliases": [
                "CVE-2024-24759",
                "GHSA-4jcv-vp96-94xr",
                "PYSEC-2024-74"
            ],
            "risk_score": 4.2,
            "exploitability": "0.5",
            "weighted_severity": "8.4",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzag-uvvs-3fca"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36508?format=api",
            "vulnerability_id": "VCID-pcv6-h5w9-ybe2",
            "summary": "MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior.",
            "references": [
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/commit/083afcf6567cf51aa7d89ea892fd97689919053b"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/releases/tag/v23.7.4.0"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcw",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-8hx6-qv6f-xgcw"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-140.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-140.yaml"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38699",
                    "reference_id": "CVE-2023-38699",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"
                        },
                        {
                            "value": "CRITICAL",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38699"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/35148?format=api",
                    "purl": "pkg:pypi/mindsdb@23.7.4.0",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-jzag-uvvs-3fca"
                        },
                        {
                            "vulnerability": "VCID-qv2m-udp6-6fb8"
                        },
                        {
                            "vulnerability": "VCID-stp6-86fa-cubn"
                        },
                        {
                            "vulnerability": "VCID-uab9-6bgh-efct"
                        },
                        {
                            "vulnerability": "VCID-vuny-bz3z-kfg4"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.7.4.0"
                }
            ],
            "aliases": [
                "CVE-2023-38699",
                "GHSA-8hx6-qv6f-xgcw",
                "PYSEC-2023-140"
            ],
            "risk_score": 4.5,
            "exploitability": "0.5",
            "weighted_severity": "9.0",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pcv6-h5w9-ybe2"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36655?format=api",
            "vulnerability_id": "VCID-qv2m-udp6-6fb8",
            "summary": "MindsDB is a SQL Server for artificial intelligence. Prior to version 23.11.4.1, the `put` method in `mindsdb/mindsdb/api/http/namespaces/file.py` does not validate the user-controlled name value, which is used in a temporary file name, which is afterwards opened for writing on lines 122-125, which leads to path injection. Later in the method, the temporary directory is deleted on line 151, but since we can write outside of the directory using the path injection vulnerability, the potentially dangerous file is not deleted. Arbitrary file contents can be written due to `f.write(chunk)` on line 125. Mindsdb does check later on line 149 in the `save_file` method in `file-controller.py` which calls the `_handle_source` method in `file_handler.py` if a file is of one of the types `csv`, `json`, `parquet`, `xls`, or `xlsx`. However, since the check happens after the file has already been written, the files will still exist (and will not be removed due to the path injection described earlier), just the `_handle_source` method will return an error. The same user-controlled source source is used also in another path injection sink on line 138. This leads to another path injection, which allows an attacker to delete any `zip` or `tar.gz` files on the server.",
            "references": [
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L122-L125"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/blob/1821da719f34c022890c9ff25810218e71c5abbc/mindsdb/api/http/namespaces/file.py#L138"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-j8w6-2r9h-cxhj"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-279.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-279.yaml"
                },
                {
                    "reference_url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb"
                },
                {
                    "reference_url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        }
                    ],
                    "url": "https://securitylab.github.com/advisories/GHSL-2023-182_GHSL-2023-184_mindsdb_mindsdb/"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50731",
                    "reference_id": "CVE-2023-50731",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "8.8",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50731"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-j8w6-2r9h-cxhj",
                    "reference_id": "GHSA-j8w6-2r9h-cxhj",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-j8w6-2r9h-cxhj"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/38256?format=api",
                    "purl": "pkg:pypi/mindsdb@23.11.4.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ba2s-8e42-7ucs"
                        },
                        {
                            "vulnerability": "VCID-d1sm-yyqm-fug8"
                        },
                        {
                            "vulnerability": "VCID-jzag-uvvs-3fca"
                        },
                        {
                            "vulnerability": "VCID-k6m1-mehq-pbez"
                        },
                        {
                            "vulnerability": "VCID-kttw-x13y-b3fj"
                        },
                        {
                            "vulnerability": "VCID-stp6-86fa-cubn"
                        },
                        {
                            "vulnerability": "VCID-uab9-6bgh-efct"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.11.4.1"
                }
            ],
            "aliases": [
                "CVE-2023-50731",
                "GHSA-j8w6-2r9h-cxhj",
                "GMS-2023-6179",
                "PYSEC-2023-279"
            ],
            "risk_score": 4.1,
            "exploitability": "0.5",
            "weighted_severity": "8.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qv2m-udp6-6fb8"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37211?format=api",
            "vulnerability_id": "VCID-stp6-86fa-cubn",
            "summary": "A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.",
            "references": [
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/issues/12163",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/issues/12163"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/pull/12213",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/pull/12213"
                },
                {
                    "reference_url": "https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed"
                },
                {
                    "reference_url": "https://vuldb.com/?ctiid.346119",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://vuldb.com/?ctiid.346119"
                },
                {
                    "reference_url": "https://vuldb.com/?id.346119",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://vuldb.com/?id.346119"
                },
                {
                    "reference_url": "https://vuldb.com/?submit.748219",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "7.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://vuldb.com/?submit.748219"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2531",
                    "reference_id": "CVE-2026-2531",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
                        },
                        {
                            "value": "2.1",
                            "scoring_system": "cvssv4",
                            "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"
                        },
                        {
                            "value": "LOW",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2531"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-6xw9-2p64-7622",
                    "reference_id": "GHSA-6xw9-2p64-7622",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-6xw9-2p64-7622"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/47612?format=api",
                    "purl": "pkg:pypi/mindsdb@26.0.0rc1",
                    "is_vulnerable": false,
                    "affected_by_vulnerabilities": [],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@26.0.0rc1"
                }
            ],
            "aliases": [
                "CVE-2026-2531",
                "GHSA-6xw9-2p64-7622",
                "PYSEC-2026-91"
            ],
            "risk_score": 3.3,
            "exploitability": "0.5",
            "weighted_severity": "6.6",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stp6-86fa-cubn"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37180?format=api",
            "vulnerability_id": "VCID-uab9-6bgh-efct",
            "summary": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not \"url\". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.",
            "references": [
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7"
                },
                {
                    "reference_url": "https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "9.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68472",
                    "reference_id": "CVE-2025-68472",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "8.1",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"
                        },
                        {
                            "value": "HIGH",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68472"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-qqhf-pm3j-96g7",
                    "reference_id": "GHSA-qqhf-pm3j-96g7",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-qqhf-pm3j-96g7"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/47081?format=api",
                    "purl": "pkg:pypi/mindsdb@25.11.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-stp6-86fa-cubn"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@25.11.1"
                }
            ],
            "aliases": [
                "CVE-2025-68472",
                "GHSA-qqhf-pm3j-96g7",
                "PYSEC-2026-90"
            ],
            "risk_score": 4.1,
            "exploitability": "0.5",
            "weighted_severity": "8.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uab9-6bgh-efct"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36632?format=api",
            "vulnerability_id": "VCID-vuny-bz3z-kfg4",
            "summary": "MindsDB connects artificial intelligence models to real time data. Versions prior to 23.11.4.1 contain a server-side request forgery vulnerability in `file.py`. This can lead to limited information disclosure. Users should use MindsDB's `staging` branch or v23.11.4.1, which contain a fix for the issue.",
            "references": [
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/commit/8d13c9c28ebcf3b36509eb679378004d4648d8fe"
                },
                {
                    "reference_url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "5.3",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"
                        },
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-34mr-6q8x-g9r6"
                },
                {
                    "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-277.yaml",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2023-277.yaml"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49795",
                    "reference_id": "CVE-2023-49795",
                    "reference_type": "",
                    "scores": [
                        {
                            "value": "6.5",
                            "scoring_system": "cvssv3.1",
                            "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"
                        },
                        {
                            "value": "MODERATE",
                            "scoring_system": "generic_textual",
                            "scoring_elements": ""
                        }
                    ],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49795"
                },
                {
                    "reference_url": "https://github.com/advisories/GHSA-34mr-6q8x-g9r6",
                    "reference_id": "GHSA-34mr-6q8x-g9r6",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://github.com/advisories/GHSA-34mr-6q8x-g9r6"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/38256?format=api",
                    "purl": "pkg:pypi/mindsdb@23.11.4.1",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-ba2s-8e42-7ucs"
                        },
                        {
                            "vulnerability": "VCID-d1sm-yyqm-fug8"
                        },
                        {
                            "vulnerability": "VCID-jzag-uvvs-3fca"
                        },
                        {
                            "vulnerability": "VCID-k6m1-mehq-pbez"
                        },
                        {
                            "vulnerability": "VCID-kttw-x13y-b3fj"
                        },
                        {
                            "vulnerability": "VCID-stp6-86fa-cubn"
                        },
                        {
                            "vulnerability": "VCID-uab9-6bgh-efct"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.11.4.1"
                }
            ],
            "aliases": [
                "CVE-2023-49795",
                "GHSA-34mr-6q8x-g9r6",
                "PYSEC-2023-277"
            ],
            "risk_score": 3.1,
            "exploitability": "0.5",
            "weighted_severity": "6.2",
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vuny-bz3z-kfg4"
        }
    ],
    "fixing_vulnerabilities": [],
    "risk_score": "4.5",
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.2.4.1"
}

Package Instance