VulnerableCode Package Details - pkg:pypi/mindsdb@25.14.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/mindsdb@25.14.0

Essentials
History (1)

purl	pkg:pypi/mindsdb@25.14.0

Next non-vulnerable version	26.0.0rc1
Latest non-vulnerable version	26.0.0rc1
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-stp6-86fa-cubn Aliases: CVE-2026-2531 GHSA-6xw9-2p64-7622 PYSEC-2026-91	A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.	26.0.0rc1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:23:56.302264+00:00	Pypa Importer	Affected by	VCID-stp6-86fa-cubn	https://github.com/pypa/advisory-database/blob/main/vulns/mindsdb/PYSEC-2026-91.yaml	38.6.0