Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/42591?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/42591?format=api", "purl": "pkg:pypi/mindsdb@24.4.2.0", "type": "pypi", "namespace": "", "name": "mindsdb", "version": "24.4.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "26.1.0rc1", "latest_non_vulnerable_version": "26.1.0rc1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36871?format=api", "vulnerability_id": "VCID-1gz1-9n27-p3gf", "summary": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45329", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45284", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45325", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4531", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45855" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L433-L442", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L433-L442" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-85.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-85.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T16:59:31Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45855", "reference_id": "CVE-2024-45855", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45855" }, { "reference_url": "https://github.com/advisories/GHSA-fr9q-rgwq-g5r5", "reference_id": "GHSA-fr9q-rgwq-g5r5", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fr9q-rgwq-g5r5" } ], "fixed_packages": [], "aliases": [ "CVE-2024-45855", "GHSA-fr9q-rgwq-g5r5", "PYSEC-2024-85" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1gz1-9n27-p3gf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36865?format=api", "vulnerability_id": "VCID-5k2e-1txt-9uch", "summary": "Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45852", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.4806", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48104", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48108", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00246", "scoring_system": "epss", "scoring_elements": "0.48089", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45852" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/proc_wrapper.py#L54-L55", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/proc_wrapper.py#L54-L55" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-82.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-82.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:14:17Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45852", "reference_id": "CVE-2024-45852", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45852" }, { "reference_url": "https://github.com/advisories/GHSA-7vhj-pfwv-hx3w", "reference_id": "GHSA-7vhj-pfwv-hx3w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vhj-pfwv-hx3w" } ], "fixed_packages": [], "aliases": [ "CVE-2024-45852", "GHSA-7vhj-pfwv-hx3w", "PYSEC-2024-82" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5k2e-1txt-9uch" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36863?format=api", "vulnerability_id": "VCID-ba2s-8e42-7ucs", "summary": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45849", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68509", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68523", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68525", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45849" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-79.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-79.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:01:54Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45849", "reference_id": "CVE-2024-45849", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45849" }, { "reference_url": "https://github.com/advisories/GHSA-c85f-pcx6-2ghm", "reference_id": "GHSA-c85f-pcx6-2ghm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c85f-pcx6-2ghm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42606?format=api", "purl": "pkg:pypi/mindsdb@24.7.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz1-9n27-p3gf" }, { "vulnerability": "VCID-5k2e-1txt-9uch" }, { "vulnerability": "VCID-c9zz-2wmt-t3hj" }, { "vulnerability": "VCID-cgk6-21yc-r3ad" }, { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-qtua-yjhn-nqav" }, { "vulnerability": "VCID-stp6-86fa-cubn" }, { "vulnerability": "VCID-tbn5-7918-tqg2" }, { "vulnerability": "VCID-uab9-6bgh-efct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1" } ], "aliases": [ "CVE-2024-45849", "GHSA-c85f-pcx6-2ghm", "PYSEC-2024-79" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ba2s-8e42-7ucs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36868?format=api", "vulnerability_id": "VCID-c9zz-2wmt-t3hj", "summary": "Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45854", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45329", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45284", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45325", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.4531", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45854" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L444-L449", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L444-L449" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-84.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-84.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:05:13Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45854", "reference_id": "CVE-2024-45854", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45854" }, { "reference_url": "https://github.com/advisories/GHSA-7vhh-gfjc-x8rm", "reference_id": "GHSA-7vhh-gfjc-x8rm", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vhh-gfjc-x8rm" } ], "fixed_packages": [], "aliases": [ "CVE-2024-45854", "GHSA-7vhh-gfjc-x8rm", "PYSEC-2024-84" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9zz-2wmt-t3hj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36866?format=api", "vulnerability_id": "VCID-cgk6-21yc-r3ad", "summary": "Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45853", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52951", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52945", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52906", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00293", "scoring_system": "epss", "scoring_elements": "0.52931", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45853" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L424-L431", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L424-L431" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-83.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-83.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:12:46Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45853", "reference_id": "CVE-2024-45853", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45853" }, { "reference_url": "https://github.com/advisories/GHSA-q9r8-89xr-4xv4", "reference_id": "GHSA-q9r8-89xr-4xv4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q9r8-89xr-4xv4" } ], "fixed_packages": [], "aliases": [ "CVE-2024-45853", "GHSA-q9r8-89xr-4xv4", "PYSEC-2024-83" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgk6-21yc-r3ad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36864?format=api", "vulnerability_id": "VCID-d1sm-yyqm-fug8", "summary": "An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45846", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63471", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63485", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63492", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63483", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45846" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-77.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-77.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:38:31Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45846", "reference_id": "CVE-2024-45846", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45846" }, { "reference_url": "https://github.com/advisories/GHSA-wcjw-3v6p-4v3r", "reference_id": "GHSA-wcjw-3v6p-4v3r", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wcjw-3v6p-4v3r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42606?format=api", "purl": "pkg:pypi/mindsdb@24.7.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz1-9n27-p3gf" }, { "vulnerability": "VCID-5k2e-1txt-9uch" }, { "vulnerability": "VCID-c9zz-2wmt-t3hj" }, { "vulnerability": "VCID-cgk6-21yc-r3ad" }, { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-qtua-yjhn-nqav" }, { "vulnerability": "VCID-stp6-86fa-cubn" }, { "vulnerability": "VCID-tbn5-7918-tqg2" }, { "vulnerability": "VCID-uab9-6bgh-efct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1" } ], "aliases": [ "CVE-2024-45846", "GHSA-wcjw-3v6p-4v3r", "PYSEC-2024-77" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d1sm-yyqm-fug8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36869?format=api", "vulnerability_id": "VCID-fjec-rvym-t3f1", "summary": "An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45848", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63492", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63485", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63471", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63483", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45848" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-78.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-78.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:34:37Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45848", "reference_id": "CVE-2024-45848", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45848" }, { "reference_url": "https://github.com/advisories/GHSA-9gq6-6936-885w", "reference_id": "GHSA-9gq6-6936-885w", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9gq6-6936-885w" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42606?format=api", "purl": "pkg:pypi/mindsdb@24.7.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz1-9n27-p3gf" }, { "vulnerability": "VCID-5k2e-1txt-9uch" }, { "vulnerability": "VCID-c9zz-2wmt-t3hj" }, { "vulnerability": "VCID-cgk6-21yc-r3ad" }, { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-qtua-yjhn-nqav" }, { "vulnerability": "VCID-stp6-86fa-cubn" }, { "vulnerability": "VCID-tbn5-7918-tqg2" }, { "vulnerability": "VCID-uab9-6bgh-efct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1" } ], "aliases": [ "CVE-2024-45848", "GHSA-9gq6-6936-885w", "PYSEC-2024-78" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fjec-rvym-t3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36870?format=api", "vulnerability_id": "VCID-k6m1-mehq-pbez", "summary": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45850", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68509", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68523", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68525", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45850" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-80.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-80.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:16:12Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45850", "reference_id": "CVE-2024-45850", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45850" }, { "reference_url": "https://github.com/advisories/GHSA-v6g6-3cm3-vf6c", "reference_id": "GHSA-v6g6-3cm3-vf6c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6g6-3cm3-vf6c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42606?format=api", "purl": "pkg:pypi/mindsdb@24.7.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz1-9n27-p3gf" }, { "vulnerability": "VCID-5k2e-1txt-9uch" }, { "vulnerability": "VCID-c9zz-2wmt-t3hj" }, { "vulnerability": "VCID-cgk6-21yc-r3ad" }, { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-qtua-yjhn-nqav" }, { "vulnerability": "VCID-stp6-86fa-cubn" }, { "vulnerability": "VCID-tbn5-7918-tqg2" }, { "vulnerability": "VCID-uab9-6bgh-efct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1" } ], "aliases": [ "CVE-2024-45850", "GHSA-v6g6-3cm3-vf6c", "PYSEC-2024-80" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6m1-mehq-pbez" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94134?format=api", "vulnerability_id": "VCID-krac-rtac-2qe5", "summary": "MindsDB has an Improper Access Control Issue\nA weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7711", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17351", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17235", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17315", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00054", "scoring_system": "epss", "scoring_elements": "0.17355", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7711" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/" } ], "url": "https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7711", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7711" }, { "reference_url": "https://vuldb.com/submit/806822", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/" } ], "url": "https://vuldb.com/submit/806822" }, { "reference_url": "https://vuldb.com/vuln/360887", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/" } ], "url": "https://vuldb.com/vuln/360887" }, { "reference_url": "https://vuldb.com/vuln/360887/cti", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR" }, { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/" } ], "url": "https://vuldb.com/vuln/360887/cti" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-9f6m-65v9-x9g2", "reference_id": "GHSA-9f6m-65v9-x9g2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9f6m-65v9-x9g2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1069823?format=api", "purl": "pkg:pypi/mindsdb@26.1.0rc1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@26.1.0rc1" } ], "aliases": [ "CVE-2026-7711", "GHSA-9f6m-65v9-x9g2" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krac-rtac-2qe5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36867?format=api", "vulnerability_id": "VCID-kttw-x13y-b3fj", "summary": "An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68509", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68523", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68531", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00555", "scoring_system": "epss", "scoring_elements": "0.68525", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45851" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-81.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-81.yaml" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:15:20Z/" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45851", "reference_id": "CVE-2024-45851", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45851" }, { "reference_url": "https://github.com/advisories/GHSA-wf9g-c67g-h4ch", "reference_id": "GHSA-wf9g-c67g-h4ch", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wf9g-c67g-h4ch" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42606?format=api", "purl": "pkg:pypi/mindsdb@24.7.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz1-9n27-p3gf" }, { "vulnerability": "VCID-5k2e-1txt-9uch" }, { "vulnerability": "VCID-c9zz-2wmt-t3hj" }, { "vulnerability": "VCID-cgk6-21yc-r3ad" }, { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-qtua-yjhn-nqav" }, { "vulnerability": "VCID-stp6-86fa-cubn" }, { "vulnerability": "VCID-tbn5-7918-tqg2" }, { "vulnerability": "VCID-uab9-6bgh-efct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1" } ], "aliases": [ "CVE-2024-45851", "GHSA-wf9g-c67g-h4ch", "PYSEC-2024-81" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kttw-x13y-b3fj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55814?format=api", "vulnerability_id": "VCID-nktr-gvas-mqcm", "summary": "MindsDB Eval Injection vulnerability\nAn arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45847", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63471", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63485", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63492", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00438", "scoring_system": "epss", "scoring_elements": "0.63483", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45847" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45847", "reference_id": "CVE-2024-45847", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45847" }, { "reference_url": "https://github.com/advisories/GHSA-crmg-rp64-5cm3", "reference_id": "GHSA-crmg-rp64-5cm3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-crmg-rp64-5cm3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42606?format=api", "purl": "pkg:pypi/mindsdb@24.7.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1gz1-9n27-p3gf" }, { "vulnerability": "VCID-5k2e-1txt-9uch" }, { "vulnerability": "VCID-c9zz-2wmt-t3hj" }, { "vulnerability": "VCID-cgk6-21yc-r3ad" }, { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-qtua-yjhn-nqav" }, { "vulnerability": "VCID-stp6-86fa-cubn" }, { "vulnerability": "VCID-tbn5-7918-tqg2" }, { "vulnerability": "VCID-uab9-6bgh-efct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1" } ], "aliases": [ "CVE-2024-45847", "GHSA-crmg-rp64-5cm3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nktr-gvas-mqcm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50337?format=api", "vulnerability_id": "VCID-qtua-yjhn-nqav", "summary": "MindsDB: Path Traversal in /api/files Leading to Remote Code Execution\nThere is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27483", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.23286", "scoring_system": "epss", "scoring_elements": "0.96059", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.23286", "scoring_system": "epss", "scoring_elements": "0.96057", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.23286", "scoring_system": "epss", "scoring_elements": "0.96054", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-27483" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/commit/87a44bdb2b97f963e18f10a068e1a1e2690505ef", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/" } ], "url": "https://github.com/mindsdb/mindsdb/commit/87a44bdb2b97f963e18f10a068e1a1e2690505ef" }, { "reference_url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.9.1.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/" } ], "url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.9.1.1" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52547.py", "reference_id": "CVE-2026-27483", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52547.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27483", "reference_id": "CVE-2026-27483", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27483" }, { "reference_url": "https://github.com/advisories/GHSA-4894-xqv6-vrfq", "reference_id": "GHSA-4894-xqv6-vrfq", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4894-xqv6-vrfq" }, { "reference_url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq", "reference_id": "GHSA-4894-xqv6-vrfq", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/" } ], "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47071?format=api", "purl": "pkg:pypi/mindsdb@25.9.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-stp6-86fa-cubn" }, { "vulnerability": "VCID-uab9-6bgh-efct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@25.9.1.1" } ], "aliases": [ "CVE-2026-27483", "GHSA-4894-xqv6-vrfq" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qtua-yjhn-nqav" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37211?format=api", "vulnerability_id": "VCID-stp6-86fa-cubn", "summary": "A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23364", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23263", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23317", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00078", "scoring_system": "epss", "scoring_elements": "0.23378", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2531" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/" } ], "url": "https://github.com/mindsdb/mindsdb/" }, { "reference_url": "https://github.com/mindsdb/mindsdb/issues/12163", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/" } ], "url": "https://github.com/mindsdb/mindsdb/issues/12163" }, { "reference_url": "https://github.com/mindsdb/mindsdb/pull/12213", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/" } ], "url": "https://github.com/mindsdb/mindsdb/pull/12213" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-91.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-91.yaml" }, { "reference_url": "https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/" } ], "url": "https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed" }, { "reference_url": "https://vuldb.com/?ctiid.346119", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/" } ], "url": "https://vuldb.com/?ctiid.346119" }, { "reference_url": "https://vuldb.com/?id.346119", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/" } ], "url": "https://vuldb.com/?id.346119" }, { "reference_url": "https://vuldb.com/?submit.748219", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C" }, { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/" } ], "url": "https://vuldb.com/?submit.748219" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2531", "reference_id": "CVE-2026-2531", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "2.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2531" }, { "reference_url": "https://github.com/advisories/GHSA-6xw9-2p64-7622", "reference_id": "GHSA-6xw9-2p64-7622", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6xw9-2p64-7622" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47612?format=api", "purl": "pkg:pypi/mindsdb@26.0.0rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-krac-rtac-2qe5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@26.0.0rc1" } ], "aliases": [ "CVE-2026-2531", "GHSA-6xw9-2p64-7622", "PYSEC-2026-91" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-stp6-86fa-cubn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55809?format=api", "vulnerability_id": "VCID-tbn5-7918-tqg2", "summary": "MindsDB Cross-site Scripting vulnerability\nA cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45856", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36454", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36382", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36418", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00158", "scoring_system": "epss", "scoring_elements": "0.36445", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-45856" }, { "reference_url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45856", "reference_id": "CVE-2024-45856", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H" }, { "value": "6.4", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45856" }, { "reference_url": "https://github.com/advisories/GHSA-32fj-r8qw-r8w8", "reference_id": "GHSA-32fj-r8qw-r8w8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-32fj-r8qw-r8w8" } ], "fixed_packages": [], "aliases": [ "CVE-2024-45856", "GHSA-32fj-r8qw-r8w8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tbn5-7918-tqg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37180?format=api", "vulnerability_id": "VCID-uab9-6bgh-efct", "summary": "MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not \"url\". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68472", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57945", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57961", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57969", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00353", "scoring_system": "epss", "scoring_elements": "0.57959", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68472" }, { "reference_url": "https://github.com/mindsdb/mindsdb", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb" }, { "reference_url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1" }, { "reference_url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:36:34Z/" } ], "url": "https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-90.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-90.yaml" }, { "reference_url": "https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68472", "reference_id": "CVE-2025-68472", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68472" }, { "reference_url": "https://github.com/advisories/GHSA-qqhf-pm3j-96g7", "reference_id": "GHSA-qqhf-pm3j-96g7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqhf-pm3j-96g7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/47081?format=api", "purl": "pkg:pypi/mindsdb@25.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-krac-rtac-2qe5" }, { "vulnerability": "VCID-stp6-86fa-cubn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@25.11.1" } ], "aliases": [ "CVE-2025-68472", "GHSA-qqhf-pm3j-96g7", "PYSEC-2026-90" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uab9-6bgh-efct" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.4.2.0" }