{"url":"http://public2.vulnerablecode.io/api/packages/42582?format=json","purl":"pkg:pypi/mindsdb@23.12.4.0","type":"pypi","namespace":"","name":"mindsdb","version":"23.12.4.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"26.1.0rc1","latest_non_vulnerable_version":"26.1.0rc1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36871?format=json","vulnerability_id":"VCID-1gz1-9n27-p3gf","summary":"Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45855","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45284","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45325","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45296","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45329","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4531","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45855"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L433-L442","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L433-L442"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-85.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-85.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T16:59:31Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45855","reference_id":"CVE-2024-45855","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45855"},{"reference_url":"https://github.com/advisories/GHSA-fr9q-rgwq-g5r5","reference_id":"GHSA-fr9q-rgwq-g5r5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fr9q-rgwq-g5r5"}],"fixed_packages":[],"aliases":["CVE-2024-45855","GHSA-fr9q-rgwq-g5r5","PYSEC-2024-85"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1gz1-9n27-p3gf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36865?format=json","vulnerability_id":"VCID-5k2e-1txt-9uch","summary":"Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45852","reference_id":"","reference_type":"","scores":[{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.4806","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48104","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48108","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48089","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00246","scoring_system":"epss","scoring_elements":"0.48072","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45852"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/proc_wrapper.py#L54-L55","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/proc_wrapper.py#L54-L55"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-82.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-82.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:14:17Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45852","reference_id":"CVE-2024-45852","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45852"},{"reference_url":"https://github.com/advisories/GHSA-7vhj-pfwv-hx3w","reference_id":"GHSA-7vhj-pfwv-hx3w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vhj-pfwv-hx3w"}],"fixed_packages":[],"aliases":["CVE-2024-45852","GHSA-7vhj-pfwv-hx3w","PYSEC-2024-82"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5k2e-1txt-9uch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36863?format=json","vulnerability_id":"VCID-ba2s-8e42-7ucs","summary":"An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45849","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68527","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68523","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68531","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68525","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68509","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45849"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-79.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-79.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:01:54Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45849","reference_id":"CVE-2024-45849","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45849"},{"reference_url":"https://github.com/advisories/GHSA-c85f-pcx6-2ghm","reference_id":"GHSA-c85f-pcx6-2ghm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c85f-pcx6-2ghm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42606?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz1-9n27-p3gf"},{"vulnerability":"VCID-5k2e-1txt-9uch"},{"vulnerability":"VCID-c9zz-2wmt-t3hj"},{"vulnerability":"VCID-cgk6-21yc-r3ad"},{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-qtua-yjhn-nqav"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-tbn5-7918-tqg2"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45849","GHSA-c85f-pcx6-2ghm","PYSEC-2024-79"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ba2s-8e42-7ucs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36868?format=json","vulnerability_id":"VCID-c9zz-2wmt-t3hj","summary":"Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45854","reference_id":"","reference_type":"","scores":[{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45284","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45325","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45296","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.45329","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00225","scoring_system":"epss","scoring_elements":"0.4531","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45854"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L444-L449","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L444-L449"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-84.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-84.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:05:13Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45854","reference_id":"CVE-2024-45854","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45854"},{"reference_url":"https://github.com/advisories/GHSA-7vhh-gfjc-x8rm","reference_id":"GHSA-7vhh-gfjc-x8rm","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7vhh-gfjc-x8rm"}],"fixed_packages":[],"aliases":["CVE-2024-45854","GHSA-7vhh-gfjc-x8rm","PYSEC-2024-84"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9zz-2wmt-t3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36866?format=json","vulnerability_id":"VCID-cgk6-21yc-r3ad","summary":"Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45853","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52951","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52945","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52929","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52906","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52931","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45853"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L424-L431","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/blob/v24.9.2.1/mindsdb/integrations/handlers/byom_handler/byom_handler.py#L424-L431"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-83.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-83.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:12:46Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45853","reference_id":"CVE-2024-45853","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"value":"8.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45853"},{"reference_url":"https://github.com/advisories/GHSA-q9r8-89xr-4xv4","reference_id":"GHSA-q9r8-89xr-4xv4","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q9r8-89xr-4xv4"}],"fixed_packages":[],"aliases":["CVE-2024-45853","GHSA-q9r8-89xr-4xv4","PYSEC-2024-83"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgk6-21yc-r3ad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36864?format=json","vulnerability_id":"VCID-d1sm-yyqm-fug8","summary":"An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a database created with the Weaviate engine, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45846","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.6349","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63485","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63492","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63483","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63471","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45846"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-77.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-77.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:38:31Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45846","reference_id":"CVE-2024-45846","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45846"},{"reference_url":"https://github.com/advisories/GHSA-wcjw-3v6p-4v3r","reference_id":"GHSA-wcjw-3v6p-4v3r","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wcjw-3v6p-4v3r"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42606?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz1-9n27-p3gf"},{"vulnerability":"VCID-5k2e-1txt-9uch"},{"vulnerability":"VCID-c9zz-2wmt-t3hj"},{"vulnerability":"VCID-cgk6-21yc-r3ad"},{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-qtua-yjhn-nqav"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-tbn5-7918-tqg2"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45846","GHSA-wcjw-3v6p-4v3r","PYSEC-2024-77"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d1sm-yyqm-fug8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36869?format=json","vulnerability_id":"VCID-fjec-rvym-t3f1","summary":"An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database created with the ChromaDB engine, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45848","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63492","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63485","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.6349","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63471","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63483","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45848"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-78.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-78.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-09-12T14:34:37Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45848","reference_id":"CVE-2024-45848","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45848"},{"reference_url":"https://github.com/advisories/GHSA-9gq6-6936-885w","reference_id":"GHSA-9gq6-6936-885w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9gq6-6936-885w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42606?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz1-9n27-p3gf"},{"vulnerability":"VCID-5k2e-1txt-9uch"},{"vulnerability":"VCID-c9zz-2wmt-t3hj"},{"vulnerability":"VCID-cgk6-21yc-r3ad"},{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-qtua-yjhn-nqav"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-tbn5-7918-tqg2"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45848","GHSA-9gq6-6936-885w","PYSEC-2024-78"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjec-rvym-t3f1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36860?format=json","vulnerability_id":"VCID-jzag-uvvs-3fca","summary":"MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24759","reference_id":"","reference_type":"","scores":[{"value":"0.80791","scoring_system":"epss","scoring_elements":"0.99169","published_at":"2026-06-09T12:55:00Z"},{"value":"0.80791","scoring_system":"epss","scoring_elements":"0.99167","published_at":"2026-06-07T12:55:00Z"},{"value":"0.80791","scoring_system":"epss","scoring_elements":"0.99168","published_at":"2026-06-08T12:55:00Z"},{"value":"0.82793","scoring_system":"epss","scoring_elements":"0.99262","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24759"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:45:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/commit/5f7496481bd3db1d06a2d2e62c0dce960a1fe12b"},{"reference_url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-05T17:45:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4jcv-vp96-94xr"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24759","reference_id":"CVE-2024-24759","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L"},{"value":"7.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-24759"},{"reference_url":"https://github.com/advisories/GHSA-4jcv-vp96-94xr","reference_id":"GHSA-4jcv-vp96-94xr","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4jcv-vp96-94xr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42584?format=json","purl":"pkg:pypi/mindsdb@23.12.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz1-9n27-p3gf"},{"vulnerability":"VCID-5k2e-1txt-9uch"},{"vulnerability":"VCID-ba2s-8e42-7ucs"},{"vulnerability":"VCID-c9zz-2wmt-t3hj"},{"vulnerability":"VCID-cgk6-21yc-r3ad"},{"vulnerability":"VCID-d1sm-yyqm-fug8"},{"vulnerability":"VCID-fjec-rvym-t3f1"},{"vulnerability":"VCID-k6m1-mehq-pbez"},{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-kttw-x13y-b3fj"},{"vulnerability":"VCID-nktr-gvas-mqcm"},{"vulnerability":"VCID-qtua-yjhn-nqav"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-tbn5-7918-tqg2"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.2"}],"aliases":["CVE-2024-24759","GHSA-4jcv-vp96-94xr","PYSEC-2024-74"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jzag-uvvs-3fca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36870?format=json","vulnerability_id":"VCID-k6m1-mehq-pbez","summary":"An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for site column creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45850","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68527","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68523","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68531","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68525","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68509","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45850"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-80.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-80.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:16:12Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45850","reference_id":"CVE-2024-45850","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45850"},{"reference_url":"https://github.com/advisories/GHSA-v6g6-3cm3-vf6c","reference_id":"GHSA-v6g6-3cm3-vf6c","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v6g6-3cm3-vf6c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42606?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz1-9n27-p3gf"},{"vulnerability":"VCID-5k2e-1txt-9uch"},{"vulnerability":"VCID-c9zz-2wmt-t3hj"},{"vulnerability":"VCID-cgk6-21yc-r3ad"},{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-qtua-yjhn-nqav"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-tbn5-7918-tqg2"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45850","GHSA-v6g6-3cm3-vf6c","PYSEC-2024-80"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6m1-mehq-pbez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94134?format=json","vulnerability_id":"VCID-krac-rtac-2qe5","summary":"MindsDB has an Improper Access Control Issue\nA weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byom_handler/proc_wrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7711","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17355","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17253","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17235","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17315","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17351","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-7711"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/"}],"url":"https://github.com/nn0nkey/JD-Security-SHENYI-Team/blob/main/MindsDB_BYOM_RCE.md"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7711","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-7711"},{"reference_url":"https://vuldb.com/submit/806822","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/"}],"url":"https://vuldb.com/submit/806822"},{"reference_url":"https://vuldb.com/vuln/360887","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/"}],"url":"https://vuldb.com/vuln/360887"},{"reference_url":"https://vuldb.com/vuln/360887/cti","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"},{"value":"5.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-04T13:19:59Z/"}],"url":"https://vuldb.com/vuln/360887/cti"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"},{"reference_url":"https://github.com/advisories/GHSA-9f6m-65v9-x9g2","reference_id":"GHSA-9f6m-65v9-x9g2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9f6m-65v9-x9g2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1069823?format=json","purl":"pkg:pypi/mindsdb@26.1.0rc1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@26.1.0rc1"}],"aliases":["CVE-2026-7711","GHSA-9f6m-65v9-x9g2"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-krac-rtac-2qe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36867?format=json","vulnerability_id":"VCID-kttw-x13y-b3fj","summary":"An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be used for list item creation. If such a query is specially crafted to contain Python code and is run against the database, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45851","reference_id":"","reference_type":"","scores":[{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68527","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68523","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68531","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68525","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00555","scoring_system":"epss","scoring_elements":"0.68509","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45851"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-81.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2024-81.yaml"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-12T17:15:20Z/"}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45851","reference_id":"CVE-2024-45851","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45851"},{"reference_url":"https://github.com/advisories/GHSA-wf9g-c67g-h4ch","reference_id":"GHSA-wf9g-c67g-h4ch","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wf9g-c67g-h4ch"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42606?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz1-9n27-p3gf"},{"vulnerability":"VCID-5k2e-1txt-9uch"},{"vulnerability":"VCID-c9zz-2wmt-t3hj"},{"vulnerability":"VCID-cgk6-21yc-r3ad"},{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-qtua-yjhn-nqav"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-tbn5-7918-tqg2"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45851","GHSA-wf9g-c67g-h4ch","PYSEC-2024-81"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kttw-x13y-b3fj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55814?format=json","vulnerability_id":"VCID-nktr-gvas-mqcm","summary":"MindsDB Eval Injection vulnerability\nAn arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a database created with the specified integration engine, the code will be passed to an eval function and executed on the server.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45847","reference_id":"","reference_type":"","scores":[{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.6349","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63485","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63492","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63483","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00438","scoring_system":"epss","scoring_elements":"0.63471","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45847"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/commit/11a4db792ad36cf704f7307c7602128b17752c80"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45847","reference_id":"CVE-2024-45847","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45847"},{"reference_url":"https://github.com/advisories/GHSA-crmg-rp64-5cm3","reference_id":"GHSA-crmg-rp64-5cm3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-crmg-rp64-5cm3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/42606?format=json","purl":"pkg:pypi/mindsdb@24.7.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1gz1-9n27-p3gf"},{"vulnerability":"VCID-5k2e-1txt-9uch"},{"vulnerability":"VCID-c9zz-2wmt-t3hj"},{"vulnerability":"VCID-cgk6-21yc-r3ad"},{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-qtua-yjhn-nqav"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-tbn5-7918-tqg2"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@24.7.4.1"}],"aliases":["CVE-2024-45847","GHSA-crmg-rp64-5cm3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nktr-gvas-mqcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50337?format=json","vulnerability_id":"VCID-qtua-yjhn-nqav","summary":"MindsDB: Path Traversal in /api/files Leading to Remote Code Execution\nThere is a path traversal vulnerability in Mindsdb's /api/files interface, which an authenticated attacker can exploit to achieve remote command execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27483","reference_id":"","reference_type":"","scores":[{"value":"0.23286","scoring_system":"epss","scoring_elements":"0.96064","published_at":"2026-06-09T12:55:00Z"},{"value":"0.23286","scoring_system":"epss","scoring_elements":"0.96059","published_at":"2026-06-08T12:55:00Z"},{"value":"0.23286","scoring_system":"epss","scoring_elements":"0.96057","published_at":"2026-06-06T12:55:00Z"},{"value":"0.23286","scoring_system":"epss","scoring_elements":"0.96054","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27483"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/commit/87a44bdb2b97f963e18f10a068e1a1e2690505ef","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/commit/87a44bdb2b97f963e18f10a068e1a1e2690505ef"},{"reference_url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.9.1.1","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.9.1.1"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52547.py","reference_id":"CVE-2026-27483","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/52547.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27483","reference_id":"CVE-2026-27483","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27483"},{"reference_url":"https://github.com/advisories/GHSA-4894-xqv6-vrfq","reference_id":"GHSA-4894-xqv6-vrfq","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4894-xqv6-vrfq"},{"reference_url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq","reference_id":"GHSA-4894-xqv6-vrfq","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-02-27T18:19:02Z/"}],"url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-4894-xqv6-vrfq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47071?format=json","purl":"pkg:pypi/mindsdb@25.9.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-stp6-86fa-cubn"},{"vulnerability":"VCID-uab9-6bgh-efct"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@25.9.1.1"}],"aliases":["CVE-2026-27483","GHSA-4894-xqv6-vrfq"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtua-yjhn-nqav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37211?format=json","vulnerability_id":"VCID-stp6-86fa-cubn","summary":"A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2531","reference_id":"","reference_type":"","scores":[{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23364","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23267","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23263","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23378","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00078","scoring_system":"epss","scoring_elements":"0.23317","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2531"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/mindsdb/mindsdb/"},{"reference_url":"https://github.com/mindsdb/mindsdb/issues/12163","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/mindsdb/mindsdb/issues/12163"},{"reference_url":"https://github.com/mindsdb/mindsdb/pull/12213","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/mindsdb/mindsdb/pull/12213"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-91.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-91.yaml"},{"reference_url":"https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://github.com/themavik/mindsdb/commit/74d6f0fd4b630218519a700fbee1c05c7fd4b1ed"},{"reference_url":"https://vuldb.com/?ctiid.346119","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://vuldb.com/?ctiid.346119"},{"reference_url":"https://vuldb.com/?id.346119","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://vuldb.com/?id.346119"},{"reference_url":"https://vuldb.com/?submit.748219","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"},{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"},{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-17T17:09:50Z/"}],"url":"https://vuldb.com/?submit.748219"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mindsdb:mindsdb:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2531","reference_id":"CVE-2026-2531","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"2.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2531"},{"reference_url":"https://github.com/advisories/GHSA-6xw9-2p64-7622","reference_id":"GHSA-6xw9-2p64-7622","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xw9-2p64-7622"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47612?format=json","purl":"pkg:pypi/mindsdb@26.0.0rc1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-krac-rtac-2qe5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@26.0.0rc1"}],"aliases":["CVE-2026-2531","GHSA-6xw9-2p64-7622","PYSEC-2026-91"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-stp6-86fa-cubn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55809?format=json","vulnerability_id":"VCID-tbn5-7918-tqg2","summary":"MindsDB Cross-site Scripting vulnerability\nA cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within the web UI.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45856","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36454","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36393","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36382","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36418","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36445","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-45856"},{"reference_url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb","reference_id":"","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hiddenlayer.com/sai-security-advisory/2024-09-mindsdb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45856","reference_id":"CVE-2024-45856","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H"},{"value":"6.4","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-45856"},{"reference_url":"https://github.com/advisories/GHSA-32fj-r8qw-r8w8","reference_id":"GHSA-32fj-r8qw-r8w8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-32fj-r8qw-r8w8"}],"fixed_packages":[],"aliases":["CVE-2024-45856","GHSA-32fj-r8qw-r8w8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tbn5-7918-tqg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37180?format=json","vulnerability_id":"VCID-uab9-6bgh-efct","summary":"MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move them into MindsDB’s storage, exposing sensitive data. The PUT handler in file.py directly joins user-controlled data into a filesystem path when the request body is JSON and source_type is not \"url\". Only multipart uploads and URL-sourced uploads receive sanitization; JSON uploads lack any call to clear_filename or equivalent checks. This vulnerability is fixed in 25.11.1.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68472","reference_id":"","reference_type":"","scores":[{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57945","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.5796","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57961","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57969","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00353","scoring_system":"epss","scoring_elements":"0.57959","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68472"},{"reference_url":"https://github.com/mindsdb/mindsdb","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb"},{"reference_url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mindsdb/mindsdb/releases/tag/v25.11.1"},{"reference_url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-12T18:36:34Z/"}],"url":"https://github.com/mindsdb/mindsdb/security/advisories/GHSA-qqhf-pm3j-96g7"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-90.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/mindsdb/PYSEC-2026-90.yaml"},{"reference_url":"https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.bluerock.io/post/cve-2025-68472-mindsdb-file-upload-path-traversal"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68472","reference_id":"CVE-2025-68472","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-68472"},{"reference_url":"https://github.com/advisories/GHSA-qqhf-pm3j-96g7","reference_id":"GHSA-qqhf-pm3j-96g7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qqhf-pm3j-96g7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/47081?format=json","purl":"pkg:pypi/mindsdb@25.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-krac-rtac-2qe5"},{"vulnerability":"VCID-stp6-86fa-cubn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@25.11.1"}],"aliases":["CVE-2025-68472","GHSA-qqhf-pm3j-96g7","PYSEC-2026-90"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uab9-6bgh-efct"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/mindsdb@23.12.4.0"}